{
  "Event": {
    "analysis": "1",
    "date": "2020-10-24",
    "extends_uuid": "",
    "info": "[Threat Intel] FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks",
    "protected": false,
    "publish_timestamp": "1780382439",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780382438",
    "uuid": "e82626b8-e22b-43af-bb55-69b06800cc4a",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#cc5e96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#17c030",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#91ee5f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#cfba47",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"",
        "relationship_type": ""
      },
      {
        "colour": "#682cad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#e7d48a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#dac154",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#b24806",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#36a9d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#71ecdb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#70b0b5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dc839",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"",
        "relationship_type": ""
      },
      {
        "colour": "#3909cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
        "relationship_type": ""
      },
      {
        "colour": "#37f8da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#45a451",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#1acf09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a63ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"",
        "relationship_type": ""
      },
      {
        "colour": "#0aebeb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#4edbe6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#81b347",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#a05856",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2a633",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf2644",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Server Software Component - T1505\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c8729",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Create or Modify System Process - T1543\"",
        "relationship_type": ""
      },
      {
        "colour": "#4985d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dfeaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"",
        "relationship_type": ""
      },
      {
        "colour": "#a320c3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b33aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"",
        "relationship_type": ""
      },
      {
        "colour": "#5b3acc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disk Wipe - T1561\"",
        "relationship_type": ""
      },
      {
        "colour": "#d4fd6f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"",
        "relationship_type": ""
      },
      {
        "colour": "#6b4ab5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1565\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#fda248",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad5a96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#b32a63",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bangladesh\"",
        "relationship_type": ""
      },
      {
        "colour": "#7c8061",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"",
        "relationship_type": ""
      },
      {
        "colour": "#6d455d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bulgaria\"",
        "relationship_type": ""
      },
      {
        "colour": "#4bec12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Chile\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f8eb4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Costa Rica\"",
        "relationship_type": ""
      },
      {
        "colour": "#321f24",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ecuador\"",
        "relationship_type": ""
      },
      {
        "colour": "#f107e3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ghana\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#9afac6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Jordan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fbaa07",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kenya\"",
        "relationship_type": ""
      },
      {
        "colour": "#841801",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kuwait\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#dfc3c3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malta\"",
        "relationship_type": ""
      },
      {
        "colour": "#d52b43",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mexico\"",
        "relationship_type": ""
      },
      {
        "colour": "#0dc5a4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mozambique\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff41c1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nepal\"",
        "relationship_type": ""
      },
      {
        "colour": "#71c031",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nicaragua\"",
        "relationship_type": ""
      },
      {
        "colour": "#bedb1f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Nigeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#69061f",
        "local": false,
        "name": "misp-galaxy:target-information=\"Panama\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c5aae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Peru\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#9c7ff4",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Korea\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#02a4c7",
        "local": false,
        "name": "misp-galaxy:target-information=\"Togo\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce98fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#d6740b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uganda\"",
        "relationship_type": ""
      },
      {
        "colour": "#09b89b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Uruguay\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#5e8ca8",
        "local": false,
        "name": "misp-galaxy:target-information=\"Zambia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"CISA\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"CHEESETRAY\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"ELECTRICFISH\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"FastCash\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"HOPLIGHT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"NACHOCHEESE\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"PSLogger\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Lazarus Group\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "link",
        "uuid": "179f48f5-bbbf-4374-b3ea-a2754eb40742",
        "value": "https://us-cert.cisa.gov/ncas/alerts/aa20-239a"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "link",
        "uuid": "de6ed269-b4ce-4637-b0f1-5fce141d1fa3",
        "value": "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239b"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "link",
        "uuid": "05eb8b0e-13e9-4c22-9048-16dd20eb6c97",
        "value": "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239c"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "link",
        "uuid": "1335f816-b1f3-4dff-9265-25fe8182e05d",
        "value": "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-239a"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "text",
        "uuid": "2e062f40-ab7c-4005-a715-f8cf4771c5a7",
        "value": "This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM). Working with U.S. government partners, CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise (IOCs) used by the North Korean government in an automated teller machine (ATM) cash-out scheme\u2014referred to by the U.S. Government as \u201cFASTCash 2.0: North Korea's BeagleBoyz Robbing Banks.\u201d"
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "text",
        "uuid": "58fd4bbd-2d60-45a9-a49b-fa08b5463a88",
        "value": "Name: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks\nAuthor: AlienVault\nAdversary: Lazarus Group\nTags: [\"beagleboyz\", \"fastcash\", \"windows\", \"exploit\", \"swift\", \"hoplight\", \"powershell\", \"lazarus\", \"philippines\", \"uruguay\", \"bank\", \"mexico\", \"hidden cobra\", \"trojan\"]\nTargeted countries: [\"Argentina\", \"Brazil\", \"Bangladesh\", \"Bosnia and Herzegovina\", \"Bulgaria\", \"Chile\", \"Costa Rica\", \"Ecuador\", \"Ghana\", \"India\", \"Indonesia\", \"Japan\", \"Jordan\", \"Kenya\", \"Kuwait\", \"Malaysia\", \"Malta\", \"Mexico\", \"Mozambique\", \"Nepal\", \"Nicaragua\", \"Nigeria\", \"Pakistan\", \"Panama\", \"Peru\", \"Philippines\", \"Singapore\", \"South Africa\", \"Korea, Republic of\", \"Spain\", \"Taiwan\", \"Tanzania, United Republic of\", \"Togo\", \"Turkey\", \"Uganda\", \"Uruguay\", \"Viet Nam\", \"Zambia\"]\nMalware families: [\"CROWDEDFLOUNDER\", \"ELECTRICFISH\", \"HOPLIGHT\", \"VIVACIOUSGIFT\", \"FASTCash\", \"ECCENTRICBANDWAGON\"]\nAttack_ids: [\"T1001\", \"T1005\", \"T1010\", \"T1012\", \"T1014\", \"T1016\", \"T1020\", \"T1021\", \"T1027\", \"T1033\", \"T1036\", \"T1041\", \"T1049\", \"T1053\", \"T1055\", \"T1056\", \"T1057\", \"T1059\", \"T1070\", \"T1071\", \"T1078\", \"T1082\", \"T1083\", \"T1087\", \"T1090\", \"T1095\", \"T1098\", \"T1102\", \"T1105\", \"T1106\", \"T1110\", \"T1113\", \"T1115\", \"T1119\", \"T1129\", \"T1132\", \"T1133\", \"T1140\", \"T1189\", \"T1190\", \"T1199\", \"T1202\", \"T1203\", \"T1204\", \"T1217\", \"T1218\", \"T1219\", \"T1485\", \"T1486\", \"T1489\", \"T1505\", \"T1518\", \"T1543\", \"T1547\", \"T1548\", \"T1552\", \"T1553\", \"T1561\", \"T1562\", \"T1565\", \"T1566\", \"T1569\", \"T1573\", \"T1574\"]\nIndustries: [\"Finance\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669785",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "859ce407-2222-4167-9c18-be1969568d1d",
        "value": "Lazarus Group"
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039634",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2c17c956-211e-4f76-97df-28f3a6a8e6a4",
        "value": "112.175.92.57",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e44b9d",
            "local": false,
            "name": "asn:asn=\"4766\"",
            "relationship_type": ""
          },
          {
            "colour": "#dfa1b3",
            "local": false,
            "name": "asn:as-owner=\"KIXS-AS-KR Korea Telecom\"",
            "relationship_type": ""
          },
          {
            "colour": "#0735ba",
            "local": false,
            "name": "asn:as-country=\"KR\"",
            "relationship_type": ""
          },
          {
            "colour": "#061c19",
            "local": false,
            "name": "misp-galaxy:country=\"south korea\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039636",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "eb331f59-e314-4311-a571-870ca2ea9079",
        "value": "113.114.117.122",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#9ef9a4",
            "local": false,
            "name": "asn:asn=\"4134\"",
            "relationship_type": ""
          },
          {
            "colour": "#2f9c31",
            "local": false,
            "name": "asn:as-owner=\"CHINANET-BACKBONE No.31,Jin-rong Street\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039640",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e8537e74-32cf-4363-baa9-a3a0d3531573",
        "value": "117.239.241.2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#056573",
            "local": false,
            "name": "asn:asn=\"9829\"",
            "relationship_type": ""
          },
          {
            "colour": "#d41912",
            "local": false,
            "name": "asn:as-owner=\"BSNL-NIB National Internet Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#8569b9",
            "local": false,
            "name": "asn:as-country=\"IN\"",
            "relationship_type": ""
          },
          {
            "colour": "#5b5fae",
            "local": false,
            "name": "misp-galaxy:country=\"india\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740789361",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "192b6394-3c1c-49dd-8155-0afa5e3fdb15",
        "value": "119.18.230.253",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382415",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c8f88673-ef3a-42a2-854e-264d1250fedb",
        "value": "128.200.115.228",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c5b000",
            "local": false,
            "name": "asn:asn=\"299\"",
            "relationship_type": ""
          },
          {
            "colour": "#d62b29",
            "local": false,
            "name": "asn:as-owner=\"UCINET-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382416",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a3320a4f-ddb9-48e5-9d90-7fcdadd7bb22",
        "value": "137.139.135.151",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#1c7da3",
            "local": false,
            "name": "asn:asn=\"398914\"",
            "relationship_type": ""
          },
          {
            "colour": "#e2d671",
            "local": false,
            "name": "asn:as-owner=\"SUNYOW\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382417",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "356a6548-dd61-4d02-ad27-09e4e92dc41d",
        "value": "14.140.116.172",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4e79d2",
            "local": false,
            "name": "asn:asn=\"4755\"",
            "relationship_type": ""
          },
          {
            "colour": "#29e5dd",
            "local": false,
            "name": "asn:as-owner=\"TATACOMM-AS TATA Communications formerly VSNL is Leading ISP\"",
            "relationship_type": ""
          },
          {
            "colour": "#8569b9",
            "local": false,
            "name": "asn:as-country=\"IN\"",
            "relationship_type": ""
          },
          {
            "colour": "#5b5fae",
            "local": false,
            "name": "misp-galaxy:country=\"india\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382419",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "72ef8fbb-8454-4405-a685-7e773f4017bd",
        "value": "181.39.135.126",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#deaf76",
            "local": false,
            "name": "asn:asn=\"27947\"",
            "relationship_type": ""
          },
          {
            "colour": "#c4662c",
            "local": false,
            "name": "asn:as-owner=\"Telconet S.A\"",
            "relationship_type": ""
          },
          {
            "colour": "#c758f2",
            "local": false,
            "name": "asn:as-country=\"EC\"",
            "relationship_type": ""
          },
          {
            "colour": "#d0adf1",
            "local": false,
            "name": "misp-galaxy:country=\"ecuador\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740789467",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "93b978b6-fbf0-4a06-a25c-0ab5affb0c9c",
        "value": "186.169.2.237",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382421",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5b80b61c-a57f-4ed0-b6f7-c9407cc54aa2",
        "value": "195.158.234.60",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#729f65",
            "local": false,
            "name": "asn:asn=\"45035\"",
            "relationship_type": ""
          },
          {
            "colour": "#77bd81",
            "local": false,
            "name": "asn:as-owner=\"RO3D-AS Academiei nr. 4-6 B\"",
            "relationship_type": ""
          },
          {
            "colour": "#26f3a1",
            "local": false,
            "name": "asn:as-country=\"RO\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"romania\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382422",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bf1635a6-1975-433e-89b9-cab16f72103d",
        "value": "197.211.212.59",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a6568c",
            "local": false,
            "name": "asn:asn=\"37332\"",
            "relationship_type": ""
          },
          {
            "colour": "#1d2097",
            "local": false,
            "name": "asn:as-owner=\"ZOL\"",
            "relationship_type": ""
          },
          {
            "colour": "#c72e19",
            "local": false,
            "name": "asn:as-country=\"ZW\"",
            "relationship_type": ""
          },
          {
            "colour": "#3f021a",
            "local": false,
            "name": "misp-galaxy:country=\"zimbabwe\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382423",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bbd62fa2-8b7e-4f3c-ad0e-d6f8792694a9",
        "value": "21.252.107.198",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5847b4",
            "local": false,
            "name": "asn:asn=\"749\"",
            "relationship_type": ""
          },
          {
            "colour": "#2236dd",
            "local": false,
            "name": "asn:as-owner=\"DNIC-AS-00749\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382425",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b168c385-0e68-432a-b06f-1fcbe8194df7",
        "value": "210.137.6.37",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#3eeefd",
            "local": false,
            "name": "asn:asn=\"2907\"",
            "relationship_type": ""
          },
          {
            "colour": "#f49362",
            "local": false,
            "name": "asn:as-owner=\"SINET-AS Research Organization of Information and Systems, National Institute of Informatics\"",
            "relationship_type": ""
          },
          {
            "colour": "#bab83b",
            "local": false,
            "name": "asn:as-country=\"JP\"",
            "relationship_type": ""
          },
          {
            "colour": "#e8b447",
            "local": false,
            "name": "misp-galaxy:country=\"japan\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382426",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "78fc0d5d-ce4c-43fd-bfce-ac8fa10c068b",
        "value": "217.117.4.110",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#86c347",
            "local": false,
            "name": "asn:asn=\"16284\"",
            "relationship_type": ""
          },
          {
            "colour": "#1dc7cd",
            "local": false,
            "name": "asn:as-owner=\"Inq-Digital-Nigeria-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#44bd3e",
            "local": false,
            "name": "asn:as-country=\"NG\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"nigeria\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382427",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ae728b70-09e1-4dec-8222-60a48ef6db21",
        "value": "218.255.24.226",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#477bda",
            "local": false,
            "name": "asn:asn=\"9381\"",
            "relationship_type": ""
          },
          {
            "colour": "#1a7131",
            "local": false,
            "name": "asn:as-owner=\"HKBNES-AS-AP HKBN Enterprise Solutions HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382429",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b616b179-9aac-46b0-a444-b7df13d5920d",
        "value": "221.138.17.152",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#379b75",
            "local": false,
            "name": "asn:asn=\"9318\"",
            "relationship_type": ""
          },
          {
            "colour": "#6cba3c",
            "local": false,
            "name": "asn:as-owner=\"SKB-AS SK Broadband Co Ltd\"",
            "relationship_type": ""
          },
          {
            "colour": "#0735ba",
            "local": false,
            "name": "asn:as-country=\"KR\"",
            "relationship_type": ""
          },
          {
            "colour": "#061c19",
            "local": false,
            "name": "misp-galaxy:country=\"south korea\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382430",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b353c19d-3259-4ef8-a7bd-279212a3bd49",
        "value": "26.165.218.44",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#5847b4",
            "local": false,
            "name": "asn:asn=\"749\"",
            "relationship_type": ""
          },
          {
            "colour": "#2236dd",
            "local": false,
            "name": "asn:as-owner=\"DNIC-AS-00749\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382432",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4bff6c7b-098a-4542-8061-c8e1fb759c48",
        "value": "47.206.4.145",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#859a93",
            "local": false,
            "name": "asn:asn=\"5650\"",
            "relationship_type": ""
          },
          {
            "colour": "#38b427",
            "local": false,
            "name": "asn:as-owner=\"FRONTIER-FRTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382433",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ebff8100-f5a4-428c-95b4-5f335f6038f8",
        "value": "70.224.36.194",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6dc194",
            "local": false,
            "name": "asn:asn=\"7018\"",
            "relationship_type": ""
          },
          {
            "colour": "#f71a75",
            "local": false,
            "name": "asn:as-owner=\"ATT-INTERNET4\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382434",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8d265e36-e4f9-4131-b0ad-7b392cd0e7b8",
        "value": "81.94.192.10",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e54b77",
            "local": false,
            "name": "asn:asn=\"20860\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7bc6d",
            "local": false,
            "name": "asn:as-owner=\"IOMART-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382436",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c9a23b91-36bf-45fa-a1da-b13605e3584e",
        "value": "81.94.192.147",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e54b77",
            "local": false,
            "name": "asn:asn=\"20860\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7bc6d",
            "local": false,
            "name": "asn:as-owner=\"IOMART-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382437",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0de19ebc-c64c-4bfd-94fc-ac04f27fed98",
        "value": "84.49.242.125",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#131e26",
            "local": false,
            "name": "asn:asn=\"15659\"",
            "relationship_type": ""
          },
          {
            "colour": "#acd522",
            "local": false,
            "name": "asn:as-owner=\"NEXTGENTEL NEXTGENTEL Autonomous System\"",
            "relationship_type": ""
          },
          {
            "colour": "#91fb7b",
            "local": false,
            "name": "asn:as-country=\"NO\"",
            "relationship_type": ""
          },
          {
            "colour": "#e22b1e",
            "local": false,
            "name": "misp-galaxy:country=\"norway\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "HOPLIGHT C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780382438",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5c05c207-96cb-49a2-a193-c236d3967b32",
        "value": "97.90.44.200",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#eb7a26",
            "local": false,
            "name": "asn:asn=\"20115\"",
            "relationship_type": ""
          },
          {
            "colour": "#8f7e42",
            "local": false,
            "name": "asn:as-owner=\"CHARTER-20115\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
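        "comment": "Analysis indicates that the malware decrypts \"info.dat\" using what appears to be the AES encryption algorithm; this attribute's value is the key used for that decryption. The value matches the $x5 string of the CISA_10257062_01 YARA rule in this event only in its first 16 characters, so confirm it against the source report before relying on it.",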
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746475696",
        "to_ids": false,
        "type": "text",
        "uuid": "022b1c62-7f2f-4f2a-b48f-66e7c48c57a3",
        "value": "89*(w8y92r3y9*yIy(8Y23RHWIEFH238"
      },
      {
        "category": "Other",
        "comment": "The decrypted contents of \"info.dat\" are then parsed. Sub-components of the file are then further decoded using this hard-coded rotating XOR cipher",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746475747",
        "to_ids": false,
        "type": "text",
        "uuid": "db8dca28-7e9b-4dea-baa9-2dc734fa6730",
        "value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
      },
      {
        "category": "Other",
        "comment": "The encryption used for all log/config files is likely an AES variant; this attribute's value is one of its keys",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746475792",
        "to_ids": false,
        "type": "text",
        "uuid": "4bcfe64e-5dc5-448e-942c-bc764b6ec983",
        "value": "zRuaDglxjec^tDtt"
      },
      {
        "category": "Other",
        "comment": "The encryption used for all log/config files is likely an AES variant; this attribute's value is one of its keys",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746475814",
        "to_ids": false,
        "type": "text",
        "uuid": "80c4fb68-6906-472c-8994-5ff465791bec",
        "value": "Slsklqc^mNgq`lyz"
      },
      {
        "category": "Other",
        "comment": "Strings are RC4-encrypted with the key \u201ckey\u201d",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746475914",
        "to_ids": false,
        "type": "text",
        "uuid": "a6a89495-2fe3-43b1-9717-7beebc27a486",
        "value": "key"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740299828",
        "uuid": "af9eac3b-b473-4ba5-95dd-fb8b7b23cd1a",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740299828",
            "to_ids": false,
            "type": "comment",
            "uuid": "40c1737e-3f93-452d-840a-4b71a2e2f73f",
            "value": "Detects strings in ECCENTRICBANDWAGON proxy tool"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740299828",
            "to_ids": true,
            "type": "yara",
            "uuid": "c049ec4c-aa2c-46b7-aede-189c3002e13c",
            "value": "rule CISA_3P_10301706_01: HiddenCobra ECCENTRICBANDWAGON backdoor keylogger reconnaissance screencapture spyware trojan\r\n{\r\n    meta:\r\n    Author = \"CISA Trusted Third Party\"\r\n        Incident = \"10301706.r1.v1\"\r\n        Date = \"2020-08-11\"\r\n        Actor = \"Hidden Cobra\"\r\n        Category = \"Backdoor Keylogger Reconnaissance Screen-Capture Spyware Trojan\"\r\n        Family = \"ECCENTRICBANDWAGON\"\r\n        Description = \"Detects strings in ECCENTRICBANDWAGON proxy tool\"\r\n        MD5_1 = \"d45931632ed9e11476325189ccb6b530\"\r\n        SHA256_1 = \"efd470cfa90b918e5d558e5c8c3821343af06eedfd484dfeb20c4605f9bdc30e\"\r\n        MD5_2 = \"acd15f4393e96fe5eb920727dc083aed\"\r\n        SHA256_2 = \"32a4de070ca005d35a88503717157b0dc3f2e8da76ffd618fca6563aec9c81f8\"\r\n        MD5_3 = \"34404a3fb9804977c6ab86cb991fb130\"\r\n        SHA256_3 = \"c6930e298bba86c01d0fe2c8262c46b4fce97c6c5037a193904cfc634246fbec\"\r\n        MD5_4 = \"3122b0130f5135b6f76fca99609d5cbe\"\r\n        SHA256_4 = \"9ea5aa00e0a738b74066c61b1d35331170a9e0a84df1cc6cef58fd46a8ec5a2e\"\r\n        strings:\r\n        $sn1 = {\r\n        FB 19 9D 57[1 - 6]9A D1 D6 D1[1 - 6]42 9E D8 FD\r\n    }\r\n    $sn2 = {\r\n        4F 03 43 83[1 - 6]48 E0 1A 2E[1 - 6]3B FD FD FD\r\n    }\r\n    $sn3 = {\r\n        68 56 68 9A[1 - 12]4D E1 1F 25[1 - 12]3F 38 54 0F[1 - 12]73 30 62 A1[1 - 12]DB 39 BD 56\r\n    }\r\n    $sn4 = \"%s\\\\chromeupdater_ps_%04d%02d%02d_%02d%02d%02d_%03d_%d\" wide ascii nocase\r\n        $sn5 = \"c:\\\\windows\\\\temp\\\\TMP0389A.tmp\" wide ascii nocase\r\n        condition:\r\n        any of them\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740299828",
            "to_ids": false,
            "type": "text",
            "uuid": "e8d26a83-cca4-4fb9-a2ab-dcfb2742dfb3",
            "value": "CISA_3P_10301706_01: HiddenCobra ECCENTRICBANDWAGON backdoor keylogger reconnaissance screencapture spyware trojan"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300109",
        "uuid": "23340e0f-8f53-4eaa-971a-ffbb38261a3a",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300109",
            "to_ids": false,
            "type": "comment",
            "uuid": "b72a5048-5bf0-4c81-b786-43c3970d805b",
            "value": "Detects logging functionality"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300109",
            "to_ids": true,
            "type": "yara",
            "uuid": "baa2b1cf-7f1e-41c9-970e-e56876ae2abb",
            "value": "rule electricfish {\r\n    meta:\r\n    Author = \"CISA trusted 3rd party\"\r\n        Incident = \"10135536\"\r\n        Date = \"2019-08-14\"\r\n        Category = \"Hidden_Cobra\"\r\n        Family = \"ELECTRICFISH\"\r\n        Description = \"Detects logging functionality\"\r\n        MD5_1 = \"0ba6bb2ad05d86207b5303657e3f6874\"\r\n        SHA256_1 = \"7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1\"\r\n        strings:\r\n        $ = \"LLgcIP\"\r\n        $ = \"CCGC_LOG\"\r\n        $ = \"LLGC_LOG\"\r\n        condition:\r\n        uint16(0) == 0x5a4d and uint16(uint32(0x3c)) == 0x4550 and all of them\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300109",
            "to_ids": false,
            "type": "text",
            "uuid": "20d7fddf-4bdf-449a-a3f1-854fc0e05e7e",
            "value": "electricfish"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300208",
        "uuid": "928853a9-7993-4b8d-8d34-60715f9eae93",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300208",
            "to_ids": false,
            "type": "comment",
            "uuid": "4748e7be-762c-4462-b76e-6dc808b8ee2b",
            "value": "n/a"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300208",
            "to_ids": true,
            "type": "yara",
            "uuid": "80e7e955-e8e8-46ac-8a69-7b6bc7f11075",
            "value": "rule CISA_10257062_01 : ATM_Malware\r\n{\r\n   meta:\r\n       Author = \"CISA Code & Media Analysis\"\r\n       Incident = \"10257062\"\r\n       Date = \"2019-09-26\"\r\n       Last_Modified = \"20200117_1732\"\r\n       Actor = \"n/a\"\r\n       Category = \"Financial\"\r\n       Family = \"ATM_Malware\"\r\n       Description = \"n/a\"\r\n       MD5_1 = \"c4141ee8e9594511f528862519480d36\"\r\n       SHA256_1 = \"129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0\"\r\n   strings:\r\n       $x3 = \"RECV SOCK= 0x%p, BUF= 0x%p, LEN= 0x%08X, RET= %08X, IP= %s, Port= %d\" fullword ascii\r\n       $x4 = \"init_hashmap succ\" fullword ascii\r\n       $x5 = \"89*(w8y92r3y9*yI2H28Y9(*y3@*\" fullword ascii\r\n   condition:\r\n       ($x3) and ($x4) and ($x5)\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300208",
            "to_ids": false,
            "type": "text",
            "uuid": "77c3d06c-0459-469a-8e98-2ed07685bdd0",
            "value": "CISA_10257062_01 : ATM_Malware"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300267",
        "uuid": "186d37c6-2cb7-4e5d-a347-e662dcc2ae70",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300267",
            "to_ids": false,
            "type": "comment",
            "uuid": "3037cdf7-8961-4112-bca8-a8854da39560",
            "value": "Detects HiddenCobra FASTCASH samples"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300267",
            "to_ids": true,
            "type": "yara",
            "uuid": "6f1e046b-d250-4d94-8538-12c86a799fc3",
            "value": "rule CISA_3P_10257062 : HiddenCobra FASTCASH trojan\r\n{\r\n   meta:\r\n       Author = \"CISA Trusted Third Party\"\r\n       Incident = \"10257062\"\r\n       Date = \"2020-08-11\"\r\n       Actor = \"Hidden Cobra\"\r\n       Category = \"Trojan\"\r\n       Family = \"FASTCASH\"\r\n       Description = \"Detects HiddenCobra FASTCASH samples\"\r\n       MD5_1 = \"a2b1a45a242cee03fab0bedb2e460587\"\r\n       SHA256_1 = \"5cb7a352535b447609849e20aec18c84d8b58e377d9c6365eafb45cdb7ef949b\"\r\n   strings:\r\n       $sn_config_key1 = \"Slsklqc^mNgq`lyznqr[q^123\"\r\n       $sn_config_key2 = \"zRuaDglxjec^tDttSlsklqc^m\"\r\n       $sn_logfile1 = \"C:\\\\intel\\\\_DMP_V\\\\spvmdl.dat\"\r\n       $sn_logfile2 = \"C:\\\\intel\\\\_DMP_V\\\\spvmlog_%X.dat\"\r\n       $sn_logfile3 = \"C:\\\\intel\\\\_DMP_V\\\\TMPL_%X.dat\"\r\n       $sn_logfile4 = \"C:\\\\intel\\\\mvblk.dat\"\r\n       $sn_logfile5 = \"C:\\\\intel\\\\_DMP_V\\\\spvmsuc.dat\"\r\n   condition:\r\n       all of ($sn*)\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300267",
            "to_ids": false,
            "type": "text",
            "uuid": "cab58537-55a1-4c44-a09b-8454648f6103",
            "value": "CISA_3P_10257062 : HiddenCobra FASTCASH trojan"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300444",
        "uuid": "740f1d9c-f10d-4007-a673-7bef081c0d7b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300444",
            "to_ids": false,
            "type": "comment",
            "uuid": "cfe4d577-dfa7-4f95-af0b-d3b44492b7ea",
            "value": "crypt_constants_2"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300444",
            "to_ids": true,
            "type": "yara",
            "uuid": "df0e4ef9-bfe4-41f9-bda0-13e6c3215c00",
            "value": "rule crypt_constants_2\r\n{\r\nmeta:\r\n   Author=\"NCCIC trusted 3rd party\"\r\n   Incident=\"10135536\"\r\n   Date = \"2018/04/19\"    \r\n   category = \"hidden_cobra\"\r\n   family = \"n/a\"\r\n   description = \"n/a\"\r\nstrings:\r\n   $ = {efcdab90}\r\n   $ = {558426fe}\r\n   $ = {7856b4c2}\r\ncondition:\r\n   (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300444",
            "to_ids": false,
            "type": "text",
            "uuid": "f9cbd04f-0f2b-4069-9d6e-e98484c43194",
            "value": "crypt_constants_2"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300472",
        "uuid": "9868685e-971d-4b5e-92eb-6cf1027c9134",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300472",
            "to_ids": false,
            "type": "comment",
            "uuid": "4d17c082-39ca-4973-bfcb-916c4075264c",
            "value": "lsfr_constants"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300472",
            "to_ids": true,
            "type": "yara",
            "uuid": "a83b0383-c64e-40a7-b5ae-d85e2e4e507a",
            "value": "rule lsfr_constants\r\n{\r\nmeta:\r\n   Author=\"NCCIC trusted 3rd party\"\r\n   Incident=\"10135536\"\r\n   Date = \"2018/04/19\"    \r\n   category = \"hidden_cobra\"\r\n   family = \"n/a\"\r\n   description = \"n/a\"\r\nstrings:\r\n   $ = {efcdab90}\r\n   $ = {558426fe}\r\n   $ = {7856b4c2}\r\ncondition:\r\n   (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and all of them\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300472",
            "to_ids": false,
            "type": "text",
            "uuid": "b48e7de5-d796-4235-8c09-133510602176",
            "value": "lsfr_constants"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300498",
        "uuid": "421c978b-046c-4358-bd12-6504b5a68b22",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300498",
            "to_ids": false,
            "type": "comment",
            "uuid": "1360ed4c-8f3f-4fcc-94ce-30152e61fcdb",
            "value": "polarSSL_servernames"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300498",
            "to_ids": true,
            "type": "yara",
            "uuid": "60b11931-2374-4ab1-bc2c-bcf562a9caa8",
            "value": "rule polarSSL_servernames\r\n{\r\nmeta:\r\n   Author=\"NCCIC trusted 3rd party\"\r\n   Incident=\"10135536\"\r\n   Date = \"2018/04/19\"    \r\n   category = \"hidden_cobra\"\r\n   family = \"n/a\"\r\n   description = \"n/a\"\r\nstrings:\r\n   $polarSSL = \"fjiejffndxklfsdkfjsaadiepwn\"\r\n   $sn1 = \"www.google.com\"\r\n   $sn2 = \"www.naver.com\"\r\ncondition:\r\n        (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and ($polarSSL and 1 of ($sn*))\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300498",
            "to_ids": false,
            "type": "text",
            "uuid": "6d07f9a9-0d30-427c-b8a7-9946e23139bc",
            "value": "polarSSL_servernames"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740300676",
        "uuid": "e5c540d8-6a54-4450-a6dd-ae03deb0bfe8",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740300676",
            "to_ids": false,
            "type": "comment",
            "uuid": "399b07ae-b3de-4d1b-8cd3-5556c442f898",
            "value": "Detects strings in TWOPENCE proxy tool"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740300676",
            "to_ids": true,
            "type": "yara",
            "uuid": "5d1ee4c9-feb6-453c-94a7-c92bcc7093f5",
            "value": "rule CISA_3P_10301706_02 : HiddenCobra TWOPENCE backdoor dropper proxy spyware trojan\r\n{\r\n   meta:\r\n       Author = \"CISA Trusted Third Party\"\r\n       Incident = \"10301706.r2.v1\"\r\n       Date = \"2020-08-11\"\r\n       Actor = \"Hidden Cobra\"\r\n       Category = \"Backdoor Dropper Proxy Spyware Trojan\"\r\n       Family = \"TWOPENCE\"\r\n       Description = \"Detects strings in TWOPENCE proxy tool\"\r\n       MD5_1 = \"40e698f961eb796728a57ddf81f52b9a\"\r\n       SHA256_1 = \"a917c1cc198cf36c0f2f6c24652e5c2e94e28d963b128d54f00144d216b2d118\"\r\n       MD5_2 = \"dfd09e91b7f86a984f8687ed6033af9d\"\r\n       SHA256_2 = \"aca598e2c619424077ef8043cb4284729045d296ce95414c83ed70985c892c83\"\r\n       MD5_3 = \"bda82f0d9e2cb7996d2eefdd1e5b41c4\"\r\n       SHA256_3 = \"f3ca8f15ca582dd486bd78fd57c2f4d7b958163542561606bebd250c827022de\"\r\n       MD5_4 = \"97aaf130cfa251e5207ea74b2558293d\"\r\n       SHA256_4 = \"9a776b895e93926e2a758c09e341accb9333edc1243d216a5e53f47c6043c852\"\r\n       MD5_5 = \"889e320cf66520485e1a0475107d7419\"\r\n       SHA256_5 = \"8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1\"\r\n   strings:\r\n       $cmd1 = \"ssylka\"\r\n       $cmd2 = \"ustanavlivat\"\r\n       $cmd3 = \"poluchit\"\r\n       $cmd4 = \"pereslat\"\r\n       $cmd5 = \"derzhat\"\r\n       $cmd6 = \"vykhodit\"\r\n       $cmd7 = \"Nachalo\"\r\n       $cmd8 = \"kliyent2podklyuchit\"\r\n       $frmt1 = \"Host: %s%s%s:%hu\"\r\n       $frmt2 = \"%s%s%s%s%s%s%s%s%s%s\"\r\n   condition:\r\n       (4 of ($cmd*)) and (1 of ($frmt*))\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740300676",
            "to_ids": false,
            "type": "text",
            "uuid": "24540636-5345-4e4a-8594-1ffaa174d6a0",
            "value": "CISA_3P_10301706_02 : HiddenCobra TWOPENCE backdoor dropper proxy spyware trojan"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981288",
        "uuid": "9ebb4aec-350d-4062-acfb-2da166cb22d6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981288",
            "to_ids": true,
            "type": "md5",
            "uuid": "fe2cbe47-9e4f-44e2-953d-e576e54baed1",
            "value": "d45931632ed9e11476325189ccb6b530",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981288",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dcc43f36-3e85-455c-ad2f-62ece14bffb9",
            "value": "081d5bd155916f8a7236c1ea2148513c0c2c9a33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981288",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e03368a6-d4c4-43a9-9f44-ec389b182fca",
            "value": "efd470cfa90b918e5d558e5c8c3821343af06eedfd484dfeb20c4605f9bdc30e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300823",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e5973d20-02e8-436a-a065-2972f9c9376e",
            "value": "3072:t+N02CVLOJdCPQhVNRTzcb/YrgHdnG6ioaa5IR:sO2qO3CPkRTz8YrgHdGBoa1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300823",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "57bd0c35-bafb-4496-973f-f6b231aea046",
            "value": "138240"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300823",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0386aa1a-570f-4758-ac0c-3bee7b7ad825",
            "value": "115066655d15555517z8005bjz11zdez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300823",
            "to_ids": true,
            "type": "filename",
            "uuid": "e777b981-a529-46f2-a594-852ddf322362",
            "value": "efd470cfa90b918e5d558e5c8c3821343af06eedfd484dfeb20c4605f9bdc30e.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  10/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300823",
            "to_ids": false,
            "type": "text",
            "uuid": "1cf61104-c051-45a5-8d7d-ec12b106aab5",
            "value": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Occamy.CEF\nVT Total Detection:59/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "a651694e-f195-4dff-ae8a-981e6ab8d0ac",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981288",
            "to_ids": true,
            "type": "md5",
            "uuid": "a1f76f37-6c03-484e-abb3-ce3e1e8ac60d",
            "value": "acd15f4393e96fe5eb920727dc083aed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981288",
            "to_ids": true,
            "type": "sha1",
            "uuid": "01fdf1a7-b5e6-48da-b4ad-3cc09bdfc63b",
            "value": "c92529097cad8996f3a3c8eb34b56273c29bdce5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7da31758-976e-4de5-b1c6-ac161ed5d4af",
            "value": "32a4de070ca005d35a88503717157b0dc3f2e8da76ffd618fca6563aec9c81f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300845",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c9115999-281d-4322-9a2d-6719a18c9df1",
            "value": "3072:t+N02CVLOJdCPQhVNRTzcb/YrgHdnG6ioaa5IR:sO2qO3CPkRTz8YrgHdGBoa1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300845",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2971bf75-b505-4ba8-a003-c6b6defa9691",
            "value": "138243"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300845",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e66cb06a-6214-4372-93c3-4a53898f1d11",
            "value": "115066655d15555517z8005bjz11zdez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300845",
            "to_ids": true,
            "type": "filename",
            "uuid": "fac52205-57c5-44dc-81b1-b1aed784adc1",
            "value": "output.235077484.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300845",
            "to_ids": false,
            "type": "text",
            "uuid": "9e20cc74-436b-42f4-9692-1289bfb9e090",
            "value": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/AgentTesla!MSR\nVT Total Detection:59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "71ecb708-1495-4529-94fe-57e37e3bf577",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "5f9ed094-d503-42e7-afa3-86d13c1495e1",
            "value": "34404a3fb9804977c6ab86cb991fb130",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "41192bfa-7983-4d0b-b11d-b301bc167170",
            "value": "b345e6fae155bfaf79c67b38cf488bb17d5be56d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4a1c9c4b-c35c-4158-b56f-b03d2bd6a011",
            "value": "c6930e298bba86c01d0fe2c8262c46b4fce97c6c5037a193904cfc634246fbec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300867",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "00700384-cc84-4ac9-a229-db7fa4a1b517",
            "value": "3072:AeO51bvWZElWhKQGhvNdx2GYZj+utNfBtZl7mGwwZWyNGVxBqu:A77beClWhKQG36UutNfB077Bqu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300867",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "42720b63-3605-4f0e-8397-44b504dd4d1a",
            "value": "175104"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300867",
            "to_ids": true,
            "type": "vhash",
            "uuid": "97c3a41d-54e9-40bf-8d54-15321af3b682",
            "value": "015066655d1515556025z8005ajz11zdez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300867",
            "to_ids": true,
            "type": "filename",
            "uuid": "446f9eec-7e7f-44f5-bbde-7e4818987695",
            "value": "34404a3fb9804977c6ab86cb991fb130.exe_"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300867",
            "to_ids": false,
            "type": "text",
            "uuid": "a4259d3d-2fc5-4d6a-904b-fa6abdba9784",
            "value": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Occamy.CC6\nVT Total Detection:60/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "a9a0e28a-b268-40fa-8db7-a1a2d59cc9c7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "db5eca2b-dd11-44e2-b5f0-9f6e6d9ff420",
            "value": "3122b0130f5135b6f76fca99609d5cbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "506a5d71-b68a-4381-836e-d2390689f755",
            "value": "ce6bc34b887d60f6d416a05d5346504c54cff030",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b21f0807-f692-4a63-9cf8-f9b5285b2c8f",
            "value": "9ea5aa00e0a738b74066c61b1d35331170a9e0a84df1cc6cef58fd46a8ec5a2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300889",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2126e513-fdcd-4eaf-9f34-9f13774f75e1",
            "value": "3072:6usGRlrmZ8LP/LqdmpWOY9Y9EbyBFWnqD5W3P4Tp31oItN7W0rVu6eRDP/fJkkj7:67GTjOdCWOKXbyCnCEQTp2CE0/gh2W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300889",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09f7e92c-36c1-43bb-8973-572717727768",
            "value": "210944"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300889",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2b38de06-40c8-40da-953c-309b850f37c3",
            "value": "125076655d155515555025z8006kz11zdfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300889",
            "to_ids": true,
            "type": "filename",
            "uuid": "37bdb0e5-593b-4909-a2d1-1ed0e74de8ee",
            "value": "9ea5aa00e0a738b74066c61b1d35331170a9e0a84df1cc6cef58fd46a8ec5a2e.exe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300889",
            "to_ids": false,
            "type": "text",
            "uuid": "39bd4558-92f8-4897-966a-022a533e71f2",
            "value": "ECCENTRICBANDWAGON - HIDDEN-COBRA backdoor keylogger reconnaissance screen-capture spyware trojan\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malagent!MSR\nVT Total Detection:59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740789872",
        "uuid": "98d0f790-c580-4f99-b4ba-1877519b37f4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740789872",
            "to_ids": true,
            "type": "md5",
            "uuid": "b956484b-2bbc-4ef7-bea2-0a008d6a11a3",
            "value": "8d9123cd2648020292b5c35edc9ae22e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306373",
            "to_ids": true,
            "type": "sha1",
            "uuid": "da24e86c-729a-42c7-9748-9d78bae2cf20",
            "value": "0939363ff55d914e92635e5f693099fb28047602",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306373",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7ca968a3-c497-4684-9184-9e2bdccd8957",
            "value": "a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300910",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "98c919a3-14ca-404d-b591-928ca57e2da8",
            "value": "24576:HsO8RKL6OLnWZGFbHq0aMow5Q3gkD/74tU3hYPgP5IyrMsEOhVRpxHkADUHEPbzJ:0KjKHMbO3pkoBIyIstVRpxHL1bF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300910",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "23e0478b-f695-4a44-845d-17bcaded5c54",
            "value": "1422336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300910",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bd84c214-a9d0-470e-9168-125b254e5ec6",
            "value": "016056656d5555614z72z66nz34z127z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300910",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a1e7b69-35ef-4861-b10b-183f2e9414b0",
            "value": "a1260fd3e9221d1bc5b9ece6e7a5a98669c79e124453f2ac58625085759ed3bb.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300910",
            "to_ids": false,
            "type": "text",
            "uuid": "6d393a71-bde6-4f01-a065-24f02500f71c",
            "value": "ELECTRICFISH\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:61/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740789893",
        "uuid": "422210bc-b94f-4675-954d-9f2160d3b392",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740789893",
            "to_ids": true,
            "type": "md5",
            "uuid": "92e378e7-36f4-4c89-82ff-043840a4267b",
            "value": "0ba6bb2ad05d86207b5303657e3f6874",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306374",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2d6c5d40-f365-4a94-8dc8-f795b7bd9bb4",
            "value": "ad44567c8709df4889d381a0a64cc4b49e5004c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ELECTRICFISH",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306375",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19048236-7ba4-49ec-a316-5b67ec49ef56",
            "value": "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300932",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f8ff7c67-9d28-4e26-917c-13b45a5eab69",
            "value": "24576:NUPhrrn8YtZM9hjGMjxyK9Ws/6oYJt1wY2ZJIZ7IOAZSRpxtwQDCbzEG:qKjGMjQcGsw7IFSRpxtnDCbF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300932",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f9d8abf7-c6a1-4ed3-a0c6-273ee340d1cf",
            "value": "1436160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300932",
            "to_ids": true,
            "type": "vhash",
            "uuid": "852aaf4b-4167-4ff9-8ab2-18dd6be5bfbf",
            "value": "016056656d5555614z72z6anz34z127z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300932",
            "to_ids": true,
            "type": "filename",
            "uuid": "0d701934-477b-498d-a1f1-32e628242869",
            "value": "7cf5d86cc75cd8f0e22e35213a9c051b740bd4667d9879a446f06277782bffd1.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300932",
            "to_ids": false,
            "type": "text",
            "uuid": "f8286932-054c-4a8a-9eb6-1fdae7099e4d",
            "value": "ELECTRICFISH\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Skeeyah.A!MTB\nVT Total Detection:58/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "1fd4f215-3755-4150-b117-ccf161a8177f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "4fc54b27-afea-409b-9ddc-89b9a3a85a7b",
            "value": "89081f2e14e9266de8c042629b764926",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "34652601-ba14-4693-a4d9-59f1c4e71ca7",
            "value": "730c1b9e950932736fc4b02cbdb4e4e891485ac2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ab5ec2fa-cbda-458e-9667-fec47d137517",
            "value": "39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300954",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9f12d7bf-f56c-49eb-b136-47f169d29159",
            "value": "768:aQ1PWoWzXyjJsTKJUniYs1pdLn4nDT622YuYDIhscWTJqLPNofEDy9nAXmIEHbKa:aQ5WDziX+nD0LWT6FYZDgs5ULPIJEYp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300954",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d9a58546-2ef9-4e7e-aee6-803e803246e4",
            "value": "67448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300954",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bdc5df50-16c5-4d85-8496-e7f9f31a9ef8",
            "value": "064056655d15555038z4djz1jz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300954",
            "to_ids": true,
            "type": "filename",
            "uuid": "0a4af7d3-3e4e-4466-b67d-7790e4aa6a6c",
            "value": "39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  07/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300954",
            "to_ids": false,
            "type": "text",
            "uuid": "ffb020dc-52c4-4cc7-99fe-8308ac11451e",
            "value": "FASTCASH for Windows\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/LazInjector.DD!MSR\nVT Total Detection:55/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "daaf51c4-1c58-45ba-9200-8e65fb8cc9ce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "07e1ae71-08e8-454c-9dfc-a682a3a0cb8e",
            "value": "a2b1a45a242cee03fab0bedb2e460587",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3bc48ed2-58a8-4c49-b4fd-eddbee6a1712",
            "value": "e9c9ef312370d995d303e8fc60de4e4765436f58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a7c7d11c-22d7-4239-8ea0-ff5cc8f088ed",
            "value": "5cb7a352535b447609849e20aec18c84d8b58e377d9c6365eafb45cdb7ef949b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300975",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fb4c1b61-4e87-47cb-a468-47355d1c362c",
            "value": "3072:j5KO2SQhF+VJbGHMjjNNyCkeZjDYJklGCx:oO2SQT+nGHADyAZjJwC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300975",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "38caa562-41ef-41a4-b21e-6ed3792fcf91",
            "value": "130560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300975",
            "to_ids": true,
            "type": "vhash",
            "uuid": "74085921-0796-4ac5-8a04-730bc7dad19b",
            "value": "115056655d15555az56vzb7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300975",
            "to_ids": true,
            "type": "filename",
            "uuid": "d746fb1c-e197-439a-8089-d771b7eec7dc",
            "value": "5cb7a352535b447609849e20aec18c84d8b58e377d9c6365eafb45cdb7ef949b.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300975",
            "to_ids": false,
            "type": "text",
            "uuid": "f2e1d704-e8b4-48e5-a979-35edd598e3de",
            "value": "FASTCASH for Windows\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/NukeSped!MSR\nVT Total Detection:56/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "274c0720-b5da-486f-918b-221c6ad16581",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "8605ccdb-0812-4fe4-9d92-025b923239b2",
            "value": "c4141ee8e9594511f528862519480d36",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9425b719-9881-4744-987f-41ae1b5eefb0",
            "value": "2b22d9c673d031dfd07986906184e1d31908cea1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FASTCASH for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d76d92c-343f-4d57-ae6d-9dad2063f524",
            "value": "129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740300997",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d4bd266c-4bec-45f9-aaea-ff4eee1f2a4d",
            "value": "3072:lUGDXTpE8AKDKDOf+8ZagCfG4aAzFdIARrhxg6/ZpDA:+GDXTpFDKDMZagX4aAB2Cg6hpD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740300997",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3cc5edda-4471-4f5c-8791-286a22df280f",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740300997",
            "to_ids": true,
            "type": "vhash",
            "uuid": "58d3618f-b667-4a7e-a0e5-ed30609260ff",
            "value": "115046655d155az57vz77z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740300997",
            "to_ids": true,
            "type": "filename",
            "uuid": "0044e101-1cca-4789-a736-e29e0f0ca4a9",
            "value": "129b8825eaf61dcc2321aad7b84632233fa4bbc7e24bdf123b507157353930f0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  28/11/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740300997",
            "to_ids": false,
            "type": "text",
            "uuid": "648dc1d7-7d5d-48be-b2ac-b6942c3a37f7",
            "value": "FASTCASH for Windows\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Banker!MSR\nVT Total Detection:58/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740789979",
        "uuid": "08ed6145-d139-4d4f-ba8b-01b97cf5b77f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740789979",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3a5e30f-9ee3-4574-8641-c8311a138b36",
            "value": "23e27e5482e3f55bf828dab885569033",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306382",
            "to_ids": true,
            "type": "sha1",
            "uuid": "04360c6d-927d-43e4-91ee-0fda9e3f47ea",
            "value": "139b25e1ae32a8768238935a8c878bfbe2f89ef4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306382",
            "to_ids": true,
            "type": "sha256",
            "uuid": "748bf3af-8da0-4cdc-a288-bd472cebd5f7",
            "value": "05feed9762bc46b47a7dc5c469add9f163c16df4ddaafe81983a628da5714461",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301018",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "24e9bd39-55ef-4dd6-ac80-d9c16c7e7798",
            "value": "6144:YnDlYMzUvLFOL9wqk6+pqC8iooIBgajvQlm/Z0cp1:alYiXiooIKajvQeZ3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301018",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e1fb402-89d3-4ef1-b5d5-f1eb57260055",
            "value": "242688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301018",
            "to_ids": true,
            "type": "vhash",
            "uuid": "94a269aa-2384-4728-afb7-0788982b5e94",
            "value": "025056655d15555az5chz1bzb7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301018",
            "to_ids": true,
            "type": "filename",
            "uuid": "945746a4-fef2-4d66-933a-443bd86dcb8f",
            "value": "759486___5388a17c-628e-464f-bc03-62bed0c01761.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301018",
            "to_ids": false,
            "type": "text",
            "uuid": "4dd19fb6-ec60-4600-9fee-6edab3d997a9",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:64/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790000",
        "uuid": "b8471587-faf8-419a-9ac1-af2a7203dbd0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790000",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f05d4ba-2732-4948-a3f5-356803f60412",
            "value": "34e56056e5741f33d823859e77235ed9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306383",
            "to_ids": true,
            "type": "sha1",
            "uuid": "79f8c87b-e537-4f36-9f99-a5ef111b693e",
            "value": "fcc2dcbac7d3cbcf749f6aab2f37cc4b62d0bb64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306384",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ec5f55f1-3d50-4fbd-8e35-3018ea641431",
            "value": "0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301040",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "860e7c23-7055-4a21-8464-a8fcfec4872e",
            "value": "3072:nQWbIWSGw0CkXbhM1Vsm5TJYwMrzPoXL8GnQj3y3:nR3SGQYM16m5TJDwPo7bUC3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301040",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87885b64-c9c6-459b-b44a-f0ca36f02d02",
            "value": "151552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301040",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bcb288f8-d316-40a2-a3d4-129bb5676a7c",
            "value": "015046655d157az133mz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301040",
            "to_ids": true,
            "type": "filename",
            "uuid": "15b088f2-2d4d-4990-97a6-be216ee9eed1",
            "value": "0608e411348905145a267a9beaf5cd3527f11f95c4afde4c45998f066f418571.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301040",
            "to_ids": false,
            "type": "text",
            "uuid": "29865b59-1965-43be-9922-a5f1cadf11bb",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:63/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790022",
        "uuid": "936fcaad-e8c2-4421-8719-ac3229aa2ecf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790022",
            "to_ids": true,
            "type": "md5",
            "uuid": "b73afc15-4600-4326-8ff5-c62025748079",
            "value": "170a55f7c0448f1741e60b01dcec9cfb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306385",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a225d2ac-71a8-462b-9867-fc0e3d05ec3f",
            "value": "b6b84783816cca123adbc18e78d3b847f04f1d32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306385",
            "to_ids": true,
            "type": "sha256",
            "uuid": "064dfef5-a89d-4834-bdcb-38f294ffad94",
            "value": "084b21bc32ee19af98f85aee8204a148032ce7eabef668481b919195dd62b319",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301061",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ed3907a-255c-47dc-9421-d586bb226aa7",
            "value": "6144:XT1NVhDJSUaZcdHItR3SG88+Tlm5T7BRWj:xx9tuVSe+Tlm5Tt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301061",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cf3b7ae4-517a-4aea-b7e4-b7d3556c196b",
            "value": "197632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301061",
            "to_ids": true,
            "type": "vhash",
            "uuid": "63bcc904-6029-434c-9398-a3c9cf370d51",
            "value": "115066651d6515155az41?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301061",
            "to_ids": true,
            "type": "filename",
            "uuid": "d34719d2-0d0c-43b1-b301-d9c0b1776762",
            "value": "084b21bc32ee19af98f85aee8204a148032ce7eabef668481b919195dd62b319.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301061",
            "to_ids": false,
            "type": "text",
            "uuid": "822cc5fd-8071-472c-931e-72d09a69a501",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Autophyte.E!dha\nVT Total Detection:58/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790043",
        "uuid": "b4f97653-76c9-4b79-9a5c-a96a32fe7426",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790043",
            "to_ids": true,
            "type": "md5",
            "uuid": "87d63227-f948-43df-9383-f171583a1e81",
            "value": "868036e102df4ce414b0e6700825b319",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306387",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f6f949a5-f19d-4fe2-bfe8-13df9cea0638",
            "value": "7f1e68d78e455aa14de9020abd2293c3b8ec6cf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306387",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5ffad477-e3af-41f4-a9bc-c60cdf3bb072",
            "value": "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301083",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "be5b5848-9b49-4885-96b5-53c6d0ff7d0f",
            "value": "12288:eb/3G8vg+Rg1cvAHtE0MLa07rt5POui6z:+/3G8vg+pvi9Sa07rt4ui6z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301083",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a0874fc-fb7f-49e2-bed9-898a2bc24c54",
            "value": "453791"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301083",
            "to_ids": true,
            "type": "vhash",
            "uuid": "32d82966-732f-44a2-9120-17251d8a1cfe",
            "value": "045066655d1515551078z4e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301083",
            "to_ids": true,
            "type": "filename",
            "uuid": "a737bae3-4117-4d74-9f71-09a7cf12fa0a",
            "value": "12480585e08855109c5972e85d99cda7701fe992bc1754f1a0736f1eebcb004d.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  07/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301083",
            "to_ids": false,
            "type": "text",
            "uuid": "8db2dab8-7742-46aa-890c-5dfe7edc4a3e",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win64/Hoplight\nVT Total Detection:63/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790065",
        "uuid": "ed3296d2-bdd3-4eae-806c-9c7466cb9a50",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790065",
            "to_ids": true,
            "type": "md5",
            "uuid": "2b70a705-7f8f-41af-b028-69ebda02ea53",
            "value": "07d2b057d2385a4cdf413e8d342305df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306388",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e9af755f-0f63-4cff-9886-9ccccad46065",
            "value": "1991e7797b2e97179b7604497f7f6c39eba2229b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306388",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dedb9775-5844-4b68-b7ef-2b1a56c3631a",
            "value": "1a01b8a4c505db70f9e199337ce7f497b3dd42f25ad06487e29385580bca3676",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301104",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fee000a3-731e-409a-aa66-973f6c8b7429",
            "value": "49152:2sn+T/ymkSsvc1vb+oNEOaPmztSWNz25hqhbR5C7kcaFZweRrjxQTgZdy:2sck5ojp+Ef25al5CyjwSJQMzy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301104",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cfb925c9-a572-4c91-b897-548381d79f66",
            "value": "2608223"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301104",
            "to_ids": true,
            "type": "vhash",
            "uuid": "843732e6-e188-4768-ba58-d7ce58a34aa7",
            "value": "026066655d1555151048z52hz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301104",
            "to_ids": true,
            "type": "filename",
            "uuid": "07e66261-98be-4f1f-8f04-7a5d593da2f1",
            "value": "netbtugc.exe.mui"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301104",
            "to_ids": false,
            "type": "text",
            "uuid": "8233d83a-5023-49aa-a395-b6c7246350b5",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra!MSR\nVT Total Detection:63/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790086",
        "uuid": "2473cc15-d698-417e-8825-0cfc08ddeef6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790086",
            "to_ids": true,
            "type": "md5",
            "uuid": "13022408-a8f5-42ea-863f-59e458f2f534",
            "value": "5c3898ac7670da30cf0b22075f3e8ed6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306390",
            "to_ids": true,
            "type": "sha1",
            "uuid": "39ce45e0-0637-4ea8-860a-5ddcc5386e28",
            "value": "91110c569a48b3ba92d771c5666a05781fdd6a57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306390",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6cb54c0a-1f6f-4abb-845e-a300439e79fe",
            "value": "2151c1977b4555a1761c12f151969f8e853e26c396fa1a7b74ccbaf3a48f4525",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301126",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d0a2d8a6-c2df-4f9d-8709-b0a27d77a8f0",
            "value": "3072:nKBzqEHcJw0sqz7vLFOLBAqui1mqLK1VaU9BzNRyHmdMaF0QqWN0Qjpthmu:nKg0cJ19z7vLFOLSqp0q7syHeFhnhm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301126",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3001b6c1-cd06-47f7-8abf-87cfb78a287c",
            "value": "221184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301126",
            "to_ids": true,
            "type": "vhash",
            "uuid": "230f5a9c-2aa4-40c4-ae88-851293ddf937",
            "value": "025046656d151az6oz15zb7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301126",
            "to_ids": true,
            "type": "filename",
            "uuid": "52736612-269d-4fa0-bf7a-0a62a1da2799",
            "value": "HOPLIGHT"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301126",
            "to_ids": false,
            "type": "text",
            "uuid": "27a76c62-c7a9-447a-8d70-84f74f50d4c7",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:64/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790108",
        "uuid": "f47fc227-4ba2-431f-8130-3b255945c7e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790108",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4c03f38-c44e-4246-aea9-04cd5d443726",
            "value": "38fc56965dccd18f39f8a945f6ebc439",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306391",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a157e00-8349-44a8-9764-5d6a8b13869d",
            "value": "50736517491396015afdf1239017b9abd16a3ce9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306392",
            "to_ids": true,
            "type": "sha256",
            "uuid": "adb6b2fe-2e5a-4944-b8fa-7bb316175048",
            "value": "32ec329301aa4547b4ef4800159940feb950785f1ab68d85a14d363e0ff2bc11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301147",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c02ab43-5dca-4d0e-9e62-2e7d0c2631d8",
            "value": "1536:kSQWbe9BzK0xGtGVyDBWikDsD3bG0aII2Tm5TPb+5MI7jcg9YL23O:fQWbIWSG61UD3bGUI2Tm5TP2Njcmn+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301147",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ebf506c5-a667-43cd-8724-9fc3529e7627",
            "value": "122880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301147",
            "to_ids": true,
            "type": "vhash",
            "uuid": "564c888f-bec0-4974-a0b7-19b91804f4e5",
            "value": "015046655d151az1028hz11z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301147",
            "to_ids": true,
            "type": "filename",
            "uuid": "ccaeaa0d-5a49-4f0d-aabd-5ca328aadf53",
            "value": "sdchange.exe.mui"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301147",
            "to_ids": false,
            "type": "text",
            "uuid": "7bb66468-4c8c-4368-8892-2bfceaedd2e2",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:66/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790130",
        "uuid": "388b1a68-ce0f-4b24-907a-936385dea7e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790130",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d934edb-73e2-47d8-93b7-cea7e7020964",
            "value": "42682d4a78fe5c2eda988185a344637d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306393",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b470cb08-ee07-4e2e-b25c-39da3d0c767b",
            "value": "4975de2be0a1f7202037f5a504d738fe512191b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306393",
            "to_ids": true,
            "type": "sha256",
            "uuid": "634e50ad-dad4-4cfe-8d67-65d91a9080f5",
            "value": "4a74a9fd40b63218f7504f806fce71dffefc1b1d6ca4bbaadd720b6a89d47761",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301169",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3444091-e6d9-480c-b6df-8df856f65501",
            "value": "6144:nCgsFAkxS1rrtZQXTip12P04nTnvze6lxjWV346vze6lpjWV34Evze6lSjWV34a7:nCgsukxS1vtZ+5nvze6lxjWV346vze6N"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301169",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5ebdf8f4-b667-4979-9b0a-c2c2e87a0911",
            "value": "346624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301169",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a78007cf-fd07-4e79-8240-a21fda81502b",
            "value": "135066555d1555551az65nz15z97z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301169",
            "to_ids": true,
            "type": "filename",
            "uuid": "5613243f-7873-42d2-bf0e-c64b9a44f3f9",
            "value": "Vote_Controller"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301169",
            "to_ids": false,
            "type": "text",
            "uuid": "79ccc07d-f133-4c35-957c-c1b8a0d4bdd7",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Hoplight\nVT Total Detection:58/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790151",
        "uuid": "89c9e823-e7df-4cf6-bdc8-4da8c0a585c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790151",
            "to_ids": true,
            "type": "md5",
            "uuid": "02113423-b9fc-477c-8a05-dc00527228c9",
            "value": "c5dc53a540abe95e02008a04a0d56d6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306395",
            "to_ids": true,
            "type": "sha1",
            "uuid": "16a84dac-40f1-42b5-b4c0-7daa57db40b4",
            "value": "4cfe9e353b1a91a2add627873846a3ad912ea96b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306395",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9752f7ad-d498-407c-a073-d44c190fb75c",
            "value": "4c372df691fc699552f81c3d3937729f1dde2a2393f36c92ccc2bd2a033a0818",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301190",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "47f031b1-dba1-43f2-90ec-f668ef1706b4",
            "value": "6144:LA5cWD93YuzTvLFOLoqbWbnuX7ZEAV6efA/Pawzq:Xc93YbLZEAV6mX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301190",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "af88b160-922d-4cf0-a997-bc0209ea0476",
            "value": "241152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301190",
            "to_ids": true,
            "type": "vhash",
            "uuid": "de221b26-ec08-4da0-96e2-72f6dc13b228",
            "value": "025056655d15555az5dhz13z15za7z"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  05/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301190",
            "to_ids": false,
            "type": "text",
            "uuid": "a8195cac-0ce9-4296-ba23-c7d7b60d6a8a",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:60/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790172",
        "uuid": "4839809a-16fd-4721-8817-57a85c14a5e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790172",
            "to_ids": true,
            "type": "md5",
            "uuid": "9eb4541d-5c80-4399-91d8-acd477604b73",
            "value": "61e3571b8d9b2e9ccfadc3dde10fb6e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306397",
            "to_ids": true,
            "type": "sha1",
            "uuid": "95d8db9a-1653-4ece-a4c7-8ea9884bb951",
            "value": "55daa1fca210ebf66b1a1d2db1aa3373b06da680",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306397",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8f6777f2-f3dc-4421-8a28-2ed42e4128e7",
            "value": "70034b33f59c6698403293cdc28676c7daa8c49031089efa6eefce41e22dccb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301212",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30faf194-4c67-48b8-98a7-8a6628af7805",
            "value": "6144:d71TKN7LBHvS+bujAfrsxwkm1Ka5l7gTtJUGx:dxKHPuj8WR0K6VgTtZx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301212",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "19fb5150-2201-4a5d-9c49-ca60b0268386",
            "value": "258052"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301212",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75ae90d0-db82-44a0-8553-b1b47ce2a918",
            "value": "025036551d1az2dhz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301212",
            "to_ids": true,
            "type": "filename",
            "uuid": "e6816181-a8a5-4836-8dee-71ce2feb292f",
            "value": "208197___6b0df8c7-0b3d-4581-8646-d7abefc5b4ae.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301212",
            "to_ids": false,
            "type": "text",
            "uuid": "6944cb11-2849-4b66-bacd-cd337f3befcd",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:63/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790193",
        "uuid": "7133903c-1f03-459b-9358-23546c476325",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790193",
            "to_ids": true,
            "type": "md5",
            "uuid": "4b006693-2dae-49d0-a0c6-2e6c93f2627a",
            "value": "3edce4d49a2f31b8ba9bad0b8ef54963",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306398",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7aeadc52-2863-4516-baf7-afffd9d7079a",
            "value": "1209582451283c46f29a5185f451aa3c989723c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306398",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fd15415e-7f04-451d-9f87-f023a59954c5",
            "value": "73dcb7639c1f81d3f7c4931d32787bdf07bd98550888c4b29b1058b2d5a7ca33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301234",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c6424c6-55c9-4df1-b9a3-b00f350a66a6",
            "value": "3072:bQGYFFzsaXlvJdbx9NAzDZWaNoh05WKRYW7IWwh7:bSFhLlh9N8DZWaNoG5W8VIWC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301234",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "901ac344-e8c1-4a60-9d0c-ee5912d1c99b",
            "value": "147456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301234",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5dfd40cf-daeb-4e2d-a7f6-f7d0d4f67d4e",
            "value": "115046656d155028z332dhz11z1ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301234",
            "to_ids": true,
            "type": "filename",
            "uuid": "c48e7eda-f0af-4eed-acdf-28bd2da59b29",
            "value": "73dcb7639c1f81d3f7c4931d32787bdf07bd98550888c4b29b1058b2d5a7ca33.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301234",
            "to_ids": false,
            "type": "text",
            "uuid": "7652b672-39a2-43a4-802f-cac4e4e63749",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Autophyte.E\nVT Total Detection:60/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790214",
        "uuid": "1cae8487-e494-4f58-a928-bfd14cc34e58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790214",
            "to_ids": true,
            "type": "md5",
            "uuid": "3ea73b50-6f08-48ea-a89a-1c428738791b",
            "value": "3021b9ef74c7bddf59656a035f94fd08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306400",
            "to_ids": true,
            "type": "sha1",
            "uuid": "846a15cb-f619-418d-b023-5f2bfad5ff4c",
            "value": "05ad5f346d0282e43360965373eb2a8d39735137",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306400",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6b115239-ac7f-4b5b-b0b6-1748dda83eb4",
            "value": "83228075a604e955d59edc760e4c4ed16eedabfc8f6ac291cf21b4fcbcd1f70a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301255",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d0ff8980-089e-45a6-b643-7a6d62d5287b",
            "value": "6144:4+ZmN/ix9bd+Rvze6lxjWV346vze6lpjWV34Evze6lSjWV34avze6lkjWV34z5FT:4+ZmN/ix9b8Rvze6lxjWV346vze6lpjn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301255",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7174a963-aeaf-4698-8f7e-0b26489482cf",
            "value": "245760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301255",
            "to_ids": true,
            "type": "vhash",
            "uuid": "96a66a29-71a0-43fb-a316-8f66d9d8d78c",
            "value": "125066556d5555551az34nz15z92z3e1z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301255",
            "to_ids": true,
            "type": "filename",
            "uuid": "c7869739-0e47-45dc-8ba8-d1e3d7739651",
            "value": "Vote_Controller"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301255",
            "to_ids": false,
            "type": "text",
            "uuid": "28dd4c9b-d045-44d1-af87-fcff1ac9965e",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Hoplight\nVT Total Detection:54/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790235",
        "uuid": "2eda32ad-c670-4587-bb3e-cbbb9a75372e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790235",
            "to_ids": true,
            "type": "md5",
            "uuid": "096b2727-e13a-4ead-8f71-79f80dc715eb",
            "value": "5c0c1b4c3b1cfd455ac05ace994aed4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306401",
            "to_ids": true,
            "type": "sha1",
            "uuid": "efda826c-852a-4d07-b32f-fa4bdbb62320",
            "value": "69cda1f1adeeed455b519f9cf188e7787b5efa07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306402",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c400894b-af0e-4731-a35d-4168b100a24f",
            "value": "8a1d57ee05d29a730864299376b830a7e127f089e500e148d96d0868b7c5b520",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301277",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "445d4257-f017-49e9-bdba-a50b379201fb",
            "value": "6144:aR3SGkuDrOZm5Te5EXzO7h2ZMB6zJJ+KFvmjyFdzDs0dRb83hYnOQSzS7:aVSWrOZm5TeOjVMoJFFv+mdzDs+kYnOS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301277",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a63263be-418a-4200-9e7a-e19f35c272de",
            "value": "348160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301277",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8e480290-2507-48f6-a6c7-535f88c6467e",
            "value": "135056655d15755028z2226lz2ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301277",
            "to_ids": true,
            "type": "filename",
            "uuid": "a07c38dc-b495-4877-bbc2-b487397f4ac4",
            "value": "provthrd.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301277",
            "to_ids": false,
            "type": "text",
            "uuid": "7643c2dd-37b5-4e8e-bead-2e57b6c8b40d",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Nukesped.PA!MTB\nVT Total Detection:62/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790257",
        "uuid": "57c37eb1-eca1-4875-b65f-20c3ee91fb39",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790257",
            "to_ids": true,
            "type": "md5",
            "uuid": "30f09c81-1950-4453-852d-4f1363231282",
            "value": "2ff1688fe866ec2871169197f9d46936",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306403",
            "to_ids": true,
            "type": "sha1",
            "uuid": "86d0370e-ccdd-44ea-88e1-6dc441762cc1",
            "value": "6dc37ff32ea70cbd0078f1881a351a0a4748d10e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306403",
            "to_ids": true,
            "type": "sha256",
            "uuid": "53aad598-ef49-4f1c-9f6e-77973c9042c4",
            "value": "b05aae59b3c1d024b19c88448811debef1eada2f51761a5c41e70da3db7615a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301298",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b40bc337-bb5f-43b1-b45e-8df1c1825151",
            "value": "6144:GANjUaXCXwz+vLFOLEq3VNwO9zyPqYNkHms:bNjxXgA9uPqR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301298",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7262192e-73f8-478b-9737-4ac03ec89251",
            "value": "229500"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301298",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3b62b8b4-4733-48ba-a96c-ed8d278d99bd",
            "value": "025046656d151az62nz15zb7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301298",
            "to_ids": true,
            "type": "filename",
            "uuid": "8894a0c6-52a7-4ef4-9fb6-8f4d3ec5b6d2",
            "value": "524100___96c74383-b373-41dc-ad7e-627cb81ebe66.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  15/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301298",
            "to_ids": false,
            "type": "text",
            "uuid": "5e95b838-7273-4416-a0cc-3f93861bbbd7",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nukesped.PA!MTB\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790278",
        "uuid": "c2102442-5296-4fdf-b1c4-907f3a25e5c4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790278",
            "to_ids": true,
            "type": "md5",
            "uuid": "2c751fe9-fb92-4ea4-8eff-1d83838dd17e",
            "value": "2a791769aa73ac757f210f8546125b57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306405",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2ade45e5-d5bc-4785-b7c1-731acf7ce33e",
            "value": "269f1cc44f6b323118612bde998d17e5bfbf555e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306405",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7106dd3f-86ef-47d1-b78b-384cb2f0850b",
            "value": "b9a26a569257fbe02c10d3735587f10ee58e4281dba43474dbdef4ace8ea7101",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301320",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff8bf9f2-2edf-4617-a388-b7502f1fa3dc",
            "value": "1536:BdQGY/Ni+mo06N1homALeoYbrAUD7Qum5T9Xlxgj5MX7jbthYWL3:DQGYFFzxAgoYbrAOQum5TsgjbHP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301320",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a35c8edb-f286-4895-a5bb-168d9ee168dc",
            "value": "110592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301320",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8213028a-a6fc-4032-a139-df6060fdefbd",
            "value": "015036655d1az132clz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301320",
            "to_ids": true,
            "type": "filename",
            "uuid": "8e5010c5-e9e2-4c00-a770-9bf7542b1b64",
            "value": "b9a26a569257fbe02c10d3735587f10ee58e4281dba43474dbdef4ace8ea7101.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301320",
            "to_ids": false,
            "type": "text",
            "uuid": "368180fe-1e12-4186-a288-1c6d62157b67",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:64/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790299",
        "uuid": "80d42a7a-4b6f-4368-9ba4-83327c4003ec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790299",
            "to_ids": true,
            "type": "md5",
            "uuid": "d6b89cef-0ee1-4826-8051-d999e0548f86",
            "value": "e4ed26d5e2a84cc5e48d285e4ea898c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306406",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a038817e-044d-4ed0-99b3-57edf1b972f9",
            "value": "c3d28d8e49a24a0c7082053d22597be9b58302b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306406",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ad645f38-6772-4791-8bb3-2016296ac978",
            "value": "c66ef8652e15b579b409170658c95d35cfd6231c7ce030b172692f911e7dcff8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301341",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "00157f35-4816-4a33-aaf3-6150c8e9ef54",
            "value": "3072:MzviXzovLFOLUAqWilvLc1V2n9+zEty7+LEfq0Mg3ewPWTc:Mzv+zovLFOLFqhlvlQz7ZqueweT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301341",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d7c71e6-c4ac-4e61-a32a-a3ae87ae5c7d",
            "value": "157696"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301341",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c35481d5-e946-4c7c-8784-44bd94f2d00f",
            "value": "015056656d555550e8z3chz1bze2z441z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301341",
            "to_ids": true,
            "type": "filename",
            "uuid": "2ffc7522-fec4-4583-8991-9fc79f68991f",
            "value": "[Trojan]-[Group_1]-[e4ed26d5e2a84cc5e48d285e4ea898c0]-21426.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301341",
            "to_ids": false,
            "type": "text",
            "uuid": "ec462c37-f972-4973-a8a8-059adc468bae",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nukesped.PA!MTB\nVT Total Detection:64/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790320",
        "uuid": "3fce37ad-372c-4c5e-82c1-ba51ccf14619",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790320",
            "to_ids": true,
            "type": "md5",
            "uuid": "0bbab85c-232c-4bbd-8d4b-09332ef775b7",
            "value": "f8d26f2b8dd2ac4889597e1f2fd1f248",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306408",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2f1b38fd-a514-4d1e-8a71-88e7aaa4cdb1",
            "value": "dd132f76a4aff9862923d6a10e54dca26f26b1b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306408",
            "to_ids": true,
            "type": "sha256",
            "uuid": "632bacc7-0ed8-4dec-a036-d0edd9e265e3",
            "value": "d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301366",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "62f03c0f-98bc-4322-aa49-5d3e79a71d0c",
            "value": "12288:MG31DF/ubokxmgF8JsVusikiWxdj3tIQLYe:NlI0UV0ou1kiWvm4Ye"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301366",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18458a2a-6541-40d7-b99a-20084d3b5c0c",
            "value": "456241"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301366",
            "to_ids": true,
            "type": "filename",
            "uuid": "85a1d323-c7fb-4bb0-9482-262148e8f1c8",
            "value": "d77fdabe17cdba62a8e728cbe6c740e2c2e541072501f77988674e07a05dfb39.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301366",
            "to_ids": false,
            "type": "text",
            "uuid": "b5511a53-9a84-4a5f-a79f-858a02948bcb",
            "value": "HOPLIGHT\r\nType Description: unknown\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:27/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790341",
        "uuid": "4fa33b7a-f9b4-44f0-ac42-95fb37f530e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790341",
            "to_ids": true,
            "type": "md5",
            "uuid": "857c2f07-7894-4959-9140-186c03f044ee",
            "value": "be588cd29b9dc6f8cfc4d0aa5e5c79aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306409",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2067c3d9-76d1-4c00-8fce-0b1933e62d2f",
            "value": "06be4fe1f26bc3e4bef057ec83ae81bd3199c7fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306409",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f27fffc4-519b-4b45-a938-f20e46669649",
            "value": "ddea408e178f0412ae78ff5d5adf2439251f68cad4fd853ee466a3c74649642d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301387",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7704d738-fef1-46d7-9ca6-6d246d2ad2f8",
            "value": "6144:UEFpmt3md/iA3uiyzOvLFOLYqnHGZlDwf/OYy85eqmJKRPg:/PQ3mJxeigqi/OYy+/g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301387",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "664ef347-0474-402c-9df2-1265f5ae430b",
            "value": "267776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301387",
            "to_ids": true,
            "type": "vhash",
            "uuid": "644afe75-cbfa-430d-b7b4-0ca9b94f88a2",
            "value": "025056655d15555az6oz15za7z"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301387",
            "to_ids": false,
            "type": "text",
            "uuid": "0e67607e-3755-4c35-8d40-58819d0ece39",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nukesped.PA!MTB\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790362",
        "uuid": "b7e01871-c33c-4b82-85a1-a9f522503b56",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790362",
            "to_ids": true,
            "type": "md5",
            "uuid": "2f6575f9-027d-40e8-8440-9b87f4b4047d",
            "value": "d2da675a8adfef9d0c146154084fff62",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306410",
            "to_ids": true,
            "type": "sha1",
            "uuid": "175306ee-fae6-4051-a143-b7916d5d0bee",
            "value": "c55d080ea24e542397bbbfa00edc6402ec1c902c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306411",
            "to_ids": true,
            "type": "sha256",
            "uuid": "12d1748a-e88b-48f9-bc7c-a3e2b1cc0a62",
            "value": "f8f7720785f7e75bd6407ac2acd63f90ab6c2907d3619162dc41a8ffa40a5d03",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301409",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b262afa-ac54-41f8-b41a-764412ac01cf",
            "value": "3072:1QGYFFzYCGUXBk/hbpjYr9Lde0NPV1Y88PxbE:1SFhYaXBkjYJLde0Nd1Hqb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301409",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c7cf9fde-fc10-404c-878e-73e90376c23f",
            "value": "139264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301409",
            "to_ids": true,
            "type": "vhash",
            "uuid": "478578cd-708f-4b98-bcd9-ad3afb118789",
            "value": "015036656d1az2936hz11z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301409",
            "to_ids": true,
            "type": "filename",
            "uuid": "7f343ab0-3a72-400f-adea-32dd32a90e4f",
            "value": "f8f7720785f7e75bd6407ac2acd63f90ab6c2907d3619162dc41a8ffa40a5d03.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301409",
            "to_ids": false,
            "type": "text",
            "uuid": "2ff056fa-fac7-4453-9fe0-9632dcd573bf",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790383",
        "uuid": "d8410444-f392-4f0b-829a-dace07b5ab85",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790383",
            "to_ids": true,
            "type": "md5",
            "uuid": "671a17c4-faea-41d4-a808-13bdf3bc85ce",
            "value": "f315be41d9765d69ad60f0b4d29e4300",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306412",
            "to_ids": true,
            "type": "sha1",
            "uuid": "98d34e30-e9d9-46f4-b1a5-c5c6591381be",
            "value": "f60c2bd78436a14e35a7e85feccb319d3cc040eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306412",
            "to_ids": true,
            "type": "sha256",
            "uuid": "77b69c8c-cd6c-4d5c-80d0-f0fa219ef8ed",
            "value": "fe43bc385b30796f5e2d94dfa720903c70e66bc91dfdcfb2f3986a1fea3fe8c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301430",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ed79e6c-2ef8-4909-87b0-6b542e27bb6b",
            "value": "3072:pQWbIWSG5bzxbT33FiDZWTNArLioB4Gwhes:pR3SGtJ33YDZWTNMLiGah"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301430",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6c672651-d8ee-46c8-b7e0-4009b965e241",
            "value": "147456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301430",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02499fea-bd23-4edc-95cb-4d7b29c660f7",
            "value": "115056655d15155az272bhz11z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301430",
            "to_ids": true,
            "type": "filename",
            "uuid": "0335fa5a-b9ac-4117-a84a-18e76a5ed1b9",
            "value": "xwtpdui.dll.mui"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  16/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301430",
            "to_ids": false,
            "type": "text",
            "uuid": "2ed51653-1559-4c52-8cd3-c0d7678b0d26",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Cobra\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790405",
        "uuid": "fedc031d-f16d-4ea8-a3cb-f8f07a812ffa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790405",
            "to_ids": true,
            "type": "md5",
            "uuid": "0b6ee77d-5395-4413-b717-dca46d25e26c",
            "value": "4e595db3b612e1e9da90a0ef7d740792",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306413",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7202384-3d77-42d3-855f-c2c085d2a1b7",
            "value": "1483720917e754d05818e64ae07b320ffbdf4d78",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306414",
            "to_ids": true,
            "type": "sha256",
            "uuid": "53e9ee35-74b7-4ee1-babd-da9e5e4da7b5",
            "value": "44a93ea6e6796530bb3cf99555dfb3b1092ed8fb4336bb198ca15b2a21d32980",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301452",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a34b1a2a-a378-4d23-b9d8-ce2c6a27961b",
            "value": "12288:j6k9os/EpYE+DMX6GHU3ZSrLwQ+ruZdwI4TntpdK9roGOeAQ:j6Qos/EpYEWGHFrL1+iZdwVTtp09rbOi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301452",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "344425ac-af6d-4a3c-8e22-c615bf6aa79d",
            "value": "557681"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301452",
            "to_ids": true,
            "type": "vhash",
            "uuid": "faca50ef-0364-42ee-9ec5-aec3d61a7366",
            "value": "055036651d1018z3chz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301452",
            "to_ids": true,
            "type": "filename",
            "uuid": "838bc005-8970-41bf-b8b4-d4cda1a02457",
            "value": "44a93ea6e6796530bb3cf99555dfb3b1092ed8fb4336bb198ca15b2a21d32980.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301452",
            "to_ids": false,
            "type": "text",
            "uuid": "92a57678-f470-4fa5-817f-b50261bea0a0",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Nukesped.PA!MTB\nVT Total Detection:59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790426",
        "uuid": "6086825d-ba82-4257-a0c1-5c687f7e4414",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790426",
            "to_ids": true,
            "type": "md5",
            "uuid": "82bccf41-4d25-468d-9e99-af84c931fe9e",
            "value": "dc268b166fe4c1d1c8595dccf857c476",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306415",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3d4eefee-9f46-4562-a371-dfa2f9b0a7f7",
            "value": "8264556c8a6e460760dc6bb72ecc6f0f966a16b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306415",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eae49f23-71e5-414f-8ddd-0cee3d890c01",
            "value": "49757cf85657757704656c079785c072bbc233cab942418d99d1f63d43f28359",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301473",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25f09b5c-f0ee-4e70-9e8e-4de8d254c175",
            "value": "6144:jfsTC8amAXJeZP6BPjIDeLkigDxcvAHjVXjhtBGshMLa1Mj7rtlkiP60dwtudIye:jvg+Rg1cvAHtE0MLa07rt5POui6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301473",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dc2061e4-a42e-4a5a-9325-8d19fa46903b",
            "value": "391680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301473",
            "to_ids": true,
            "type": "vhash",
            "uuid": "23860ab7-25a6-447f-ab6a-a7a5c7ad803f",
            "value": "135066655d1515751az45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301474",
            "to_ids": true,
            "type": "filename",
            "uuid": "148ab2a5-0484-45ae-9bf3-70f359b71689",
            "value": "TCP/IP - PacketFilter"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301474",
            "to_ids": false,
            "type": "text",
            "uuid": "28a6c2be-d303-445b-bc83-7fc18a0df033",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Hoplight\nVT Total Detection:63/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790448",
        "uuid": "24032799-680b-497c-9d8d-b5f24eea2363",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790448",
            "to_ids": true,
            "type": "md5",
            "uuid": "1dc3d78b-31d3-4917-b352-57ebc17771bf",
            "value": "ae829f55db0198a0a36b227addcdeeff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306417",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1f8b19fc-88ce-4eec-8a7d-f545f098dd39",
            "value": "04833210fa57ea70a209520f4f2a99d049e537f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306417",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c2c3b5c-273f-44a8-a82c-5e4139a7eaa8",
            "value": "70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301495",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d0ffb817-be95-48f8-8075-2664fe384a68",
            "value": "3:ElclFUl8GlFcmzkXIil23X1ll:ElcUXmQkXQ3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301495",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac9d214f-7258-4e5d-b3d6-3dee2f12f580",
            "value": "1171"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301495",
            "to_ids": true,
            "type": "filename",
            "uuid": "220162a9-ce99-4aa9-a472-9d90a8d54062",
            "value": "70902623c9cd0cccc8513850072b70732d02c266c7b7e96d2d5b2ed4f5edc289.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301495",
            "to_ids": false,
            "type": "text",
            "uuid": "f2287b68-1952-4c04-8227-265b142060c8",
            "value": "HOPLIGHT\r\nType Description: ISO image\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:17/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790470",
        "uuid": "c1dc1d11-f4ee-451c-9249-22ffeefb0b9a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790470",
            "to_ids": true,
            "type": "md5",
            "uuid": "e39360ec-fc7a-47da-884a-13fd0dbbd0a8",
            "value": "894b81b907c23f927a3f38cfd30f32da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306418",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ef85ddb8-18ec-48e6-88b7-d8f1c1e4c188",
            "value": "411a320c389e492bf41eb6c5708809721f28a81f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306418",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5b98236e-bda4-4d14-90ae-959e392d1256",
            "value": "823d255d3dc8cbc402527072a9220e4c38655de1a3e55a465db28b55d3ac1bf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301516",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c6afd543-e4ff-4d4f-bf9b-5a6bbf09d9e3",
            "value": "12288:yeR6alRBGA44gibT2QPAdfyGwspLvgwEq8kkAwkeJbJPCYzH:yeR6alP44JbydfyGn84KAwbxJPCYD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301516",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "08e4f228-0d86-4322-a72c-34721f336e29",
            "value": "692274"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301516",
            "to_ids": true,
            "type": "vhash",
            "uuid": "470c508f-d0f3-462d-bc1b-82bacadba4e8",
            "value": "065066655d1555151048z52hz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301517",
            "to_ids": true,
            "type": "filename",
            "uuid": "84c14034-59bc-4446-9f50-8561f67169de",
            "value": "netbtugc.exe.mui"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301517",
            "to_ids": false,
            "type": "text",
            "uuid": "3324283c-bb8c-4362-ab49-62343a5c95e0",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win64/NukeSped!MSR\nVT Total Detection:54/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790491",
        "uuid": "f9db9794-da89-4f98-9838-2777efc310c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790491",
            "to_ids": true,
            "type": "md5",
            "uuid": "ac7aae6a-9a2d-4bd5-ac30-1a20e8ba2e06",
            "value": "c4103f122d27677c9db144cae1394a66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306420",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8db21dc2-81d5-4309-8fda-56a6cb947366",
            "value": "1489f923c4dca729178b3e3233458550d8dddf29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306420",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b10c4def-4320-4743-9680-64ba68bccf89",
            "value": "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301538",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d49482ff-d350-4000-b319-4d5e4e2dd897",
            "value": "3::"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301538",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3f41627b-a9b1-4f9c-9605-14a01be2ebda",
            "value": "2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301538",
            "to_ids": true,
            "type": "filename",
            "uuid": "c8a6f429-96fd-4a3a-a682-848263b377bf",
            "value": "station_codes.dat"
          },
          {
            "category": "Other",
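            "comment": "Checked: 23/02/2025\nLast-scan\t:  22/02/2025\nNote: 2-byte file with a goodware verdict and 1/65 detections; its hashes are tagged false-positive:risk=\"high\", so treat a hash match on its own as low confidence.",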
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301538",
            "to_ids": false,
            "type": "text",
            "uuid": "1d568062-0c20-402a-b42d-87ae86646255",
            "value": "HOPLIGHT\r\nType Description: unknown\nFile distributed by: Microsoft Corporation\nTrusted verdict: goodware\nVerdict generator: Microsoft Corporation\nVerdict filename: station_codes.dat\n\nMicrosoft: None\nVT Total Detection:1/65"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790513",
        "uuid": "9dd2b4cb-55ba-4f7a-96e7-1dd40e332494",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790513",
            "to_ids": true,
            "type": "md5",
            "uuid": "583d8bc8-4cd9-4d4c-8a97-8aa37b2e23b5",
            "value": "3dbd47cc12c2b7406726154e2e95a403",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306421",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba15dc53-95cf-4684-876f-d1a1c77204ac",
            "value": "afaa88c46666e5684b89b94ef2c4bc82e4c00845",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306422",
            "to_ids": true,
            "type": "sha256",
            "uuid": "87b84cd0-4ea9-4aa3-874f-f3f7dd8b38da",
            "value": "ba80cb0a08908782f4b6e88aa15e2d306b19bc93e79bd8770bf8be904fd1bd09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301560",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ed91d16b-254f-4530-ab5f-3fd9d5a42dde",
            "value": "1536:/sQWbe9BzK0xGtFOpVyDpWpQCnRx/bV3Q3Wgim5TjZU15MX7jbQnKVYJ3n:EQWbIWSGWjBjrbV3jgim5TjqPgjbQgA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301560",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3859c6c4-ea81-49a0-a6a0-e9c6b8af585c",
            "value": "117591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301560",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d237af1d-d9c3-45c9-bddc-238001230f1a",
            "value": "015036655d1az142blz2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301560",
            "to_ids": true,
            "type": "filename",
            "uuid": "98c07e43-90e6-41d4-bae7-d04cf9cd85f1",
            "value": "ba80cb0a08908782f4b6e88aa15e2d306b19bc93e79bd8770bf8be904fd1bd09.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301560",
            "to_ids": false,
            "type": "text",
            "uuid": "26d72ee7-9714-423d-9457-1723f9324b13",
            "value": "HOPLIGHT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Autophyte.E!dha\nVT Total Detection:57/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790534",
        "uuid": "05ff0904-d8f4-4cc1-89f6-9b4dce4c7526",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790534",
            "to_ids": true,
            "type": "md5",
            "uuid": "f8483095-f215-4d6b-ab90-54e250a72c54",
            "value": "0893e206274cb98189d51a284c2a8c83",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306423",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a1d68ee7-68da-418c-8db8-7525612001c0",
            "value": "d1f4cf4250e7ba186c1d0c6d8876f5a644f457a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HOPLIGHT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306423",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fc8b1455-ad08-4b00-8e3b-279c57f90dc1",
            "value": "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301582",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "147a8a14-e0af-4e42-bdcb-f4e9e898acff",
            "value": "3072:WsyjTzEvLFOL8AqCiueLt1VFu9+zcSywy0mcj90nSJ5NatCmtWwNQLK:W/zEvLFOLdq9uebdSwHN9n5wtkwNwK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301582",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b42a05e8-c036-4090-b7bb-1e91719877b9",
            "value": "221184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301582",
            "to_ids": true,
            "type": "vhash",
            "uuid": "32ca06b1-c8f1-499e-bd53-3199edf221fa",
            "value": "125046656d155028z56vza6z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301582",
            "to_ids": true,
            "type": "filename",
            "uuid": "66d3bdbb-ee53-4810-a2ed-ad8589cd870f",
            "value": "cd5ff67ff773cc60c98c35f9e9d514b597cbd148789547ba152ba67bfc0fec8f.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301582",
            "to_ids": false,
            "type": "text",
            "uuid": "4265c92d-2a82-4460-aaa6-c6306bfbdefd",
            "value": "HOPLIGHT\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Hoplight\nVT Total Detection:59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "f21d8d72-9db5-4c2a-994b-8cc87e70ab81",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "cc5f4d9f-5017-49d8-8ba0-17da7d0f5995",
            "value": "3c9e71400b72cc0213c9c3e4ab4df9df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cdc5ea75-f068-4993-9b5a-018263a8a8a9",
            "value": "bdb632b27ddb200693c1b0b80819a7463d4e7a98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00761537-9417-4d22-8f23-e1d50313d887",
            "value": "70b494b0a8fdf054926829dcb3235fc7bd0346b6a19faf2a57891c71043b3b38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301603",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9337af6f-67ae-4958-97d2-0f05a9cca1ca",
            "value": "24576:5gDgaE2r55ENJSOZ8jsAMZMF2kPupVevS6ieT17cZ/hJMIYO0:+D9vrrs8OZxZI+wvTTahqO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301603",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6f537678-61a2-41fe-bff7-1809d822c4a3",
            "value": "1637888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301603",
            "to_ids": true,
            "type": "vhash",
            "uuid": "de84b8b6-1e4e-4f5d-a1b1-bef76509137d",
            "value": "01606f7d0d1f1f7f11z17z1!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301603",
            "to_ids": true,
            "type": "filename",
            "uuid": "b3c3504f-56ec-4d94-8d25-9fa8a9eb3ddd",
            "value": "70b494b0a8fdf054926829dcb3235fc7bd0346b6a19faf2a57891c71043b3b38.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  28/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301603",
            "to_ids": false,
            "type": "text",
            "uuid": "de9e1ba7-1970-49b5-a7cf-f700cbab27c7",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 EXE\n\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:66/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "57a40590-f853-478b-aa6c-447e192c77aa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "401ce390-a302-435f-a420-a94873aa4ac3",
            "value": "889e320cf66520485e1a0475107d7419",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "76e7a7cd-743e-422e-874b-81bad5f1a1a7",
            "value": "f5fc9d893ae99f97e43adcef49801782daced2d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0a1df028-117a-4f21-a47b-b90a90dd13d5",
            "value": "8cad61422d032119219f465331308c5a61e21c9a3a431b88e1f8b25129b7e2a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301625",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "31029467-f4ea-49e2-8b1c-c426b85fc8b7",
            "value": "6144:sdqAqUok+00rm9TOi9Vc7/VtXvWLnJlh+efvoRKmjbL/xY4fTKKWSFle3IDgDi2C:xABogwttXuLnJlkkiKU/xtKYydF9iIU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301625",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c56a18f2-5928-4350-ace2-74387e25451c",
            "value": "480768"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301625",
            "to_ids": true,
            "type": "vhash",
            "uuid": "637461eb-223f-413b-98b9-6d709c90e8e2",
            "value": "145056656d155510b8z5djz18z197z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301625",
            "to_ids": true,
            "type": "filename",
            "uuid": "eaff64bf-1b6b-4130-9564-760697bf7bba",
            "value": "rat1.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301625",
            "to_ids": false,
            "type": "text",
            "uuid": "a006934b-faeb-45cc-9337-271e34494fac",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 DLL\n\nMicrosoft: TrojanSpy:Win64/Cyruslish.A\nVT Total Detection:57/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "b4b1ce04-c7e8-467a-8dad-2f285dbb6254",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "deaee147-557b-4e77-9268-b881ba2becd7",
            "value": "97aaf130cfa251e5207ea74b2558293d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b4e97feb-2030-4fdb-a71f-4fabb603500a",
            "value": "c7e7dd96fefca77bb1097aeeefef126d597126bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3c4683ac-f9c7-47f2-9e72-ef777af70543",
            "value": "9a776b895e93926e2a758c09e341accb9333edc1243d216a5e53f47c6043c852",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301646",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcc76cad-67f4-4e56-9443-48490249362f",
            "value": "3072:6U5r72JE+FYWR0jZLShk4cPT/QzSaQ0sCFneZTznIhZJJcrJ1GHeV9:6U5uJpYnZL05STQNddFnAnGZIrV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301646",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b4f38eee-6741-4e0c-a244-6a4dd6efaa24",
            "value": "232960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301646",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9fec1d7a-442c-4b07-809f-c27b73179c94",
            "value": "025046655d1550a8z5ajz18z187z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301646",
            "to_ids": true,
            "type": "filename",
            "uuid": "cbdf6365-d331-43f6-ba64-c4f5aef73adc",
            "value": "splwow32.exe.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301646",
            "to_ids": false,
            "type": "text",
            "uuid": "0e40c401-3f18-4a50-b270-3f5acb939404",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Alreay\nVT Total Detection:62/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "71722722-c2bd-432d-a3f8-f5ffbd9a7d20",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "d450b8f4-139e-47cb-82e9-0af7af560d1c",
            "value": "40e698f961eb796728a57ddf81f52b9a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "43328fa7-18c5-4437-8694-13acec645ba2",
            "value": "50b4f9a8fa6803f0aabb6fd9374244af40c2ba4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "927b9c77-a3ca-41c8-809b-7a64bd2b68b7",
            "value": "a917c1cc198cf36c0f2f6c24652e5c2e94e28d963b128d54f00144d216b2d118",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301668",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3fb168d4-9ce6-4d0e-93d7-71598ea15c4d",
            "value": "12288:E30MB7N+man4IrT0qhPyRg8o//ND6lAMYqcl:i0YNwrT0qhPFtHN2lLYq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301668",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ad8469c9-90a8-4ad2-a8d9-0a2365bcd76c",
            "value": "408576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301668",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b6d96146-51c5-426f-bee4-85213d9775f0",
            "value": "045046656d1550b8z5bjz18z197z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301668",
            "to_ids": true,
            "type": "filename",
            "uuid": "cff0ef1b-db44-41a3-8496-0edd91627086",
            "value": "executable.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  06/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301668",
            "to_ids": false,
            "type": "text",
            "uuid": "0e1a9d15-d278-4821-809c-56c167d8480c",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 EXE\n\nMicrosoft: TrojanSpy:Win32/Banker\nVT Total Detection:61/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "b9b42b33-4fd7-4036-97b0-ffb2756d77ce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab9b80f7-73b5-4132-af73-1026f8a7387e",
            "value": "dfd09e91b7f86a984f8687ed6033af9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "443d5b34-9c43-41f2-ac53-cf3a023bddbf",
            "value": "b8fe7884d2dc4983fb0fbca192694ce2f4685e23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "89914c7e-ba4c-4c16-b99f-37a3f2879660",
            "value": "aca598e2c619424077ef8043cb4284729045d296ce95414c83ed70985c892c83",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301689",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9739a5e7-eb1f-4f83-9a1c-29339ad88cb9",
            "value": "3072:XU5r72JE+FYWR0jZLShk4cPT/QzSaQ0sCFneZTznIhZJJcrJ1GHeV9:XU5uJpYnZL05STQNddFnAnGZIrV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301689",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09baaef9-c1c8-4687-bb0c-ae151b60562a",
            "value": "232960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301689",
            "to_ids": true,
            "type": "vhash",
            "uuid": "814d494a-8d64-4d29-81d5-cb23958f189e",
            "value": "025046655d1550a8z5ajz18z187z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301689",
            "to_ids": true,
            "type": "filename",
            "uuid": "64ab0087-1b53-49d7-974d-815fd858ef40",
            "value": "aca598e2c619424077ef8043cb4284729045d296ce95414c83ed70985c892c83.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  19/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301689",
            "to_ids": false,
            "type": "text",
            "uuid": "5520889b-f3cb-4f5f-b0f9-9ed61e56437d",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 EXE\n\nMicrosoft: TrojanSpy:Win32/Banker!dha\nVT Total Detection:65/75"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981289",
        "uuid": "44b8e2a4-f84f-4713-9539-144c1f4908fe",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "md5",
            "uuid": "55bb3f66-f554-4fc7-9d1f-7a5268f68342",
            "value": "bda82f0d9e2cb7996d2eefdd1e5b41c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0a1b5687-1256-4af3-a555-e2547cd9fac1",
            "value": "9ff715209d99d2e74e64f9db894c114a8d13229a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VIVACIOUSGIFT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981289",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c314370a-e793-4086-8276-1c55c9354b76",
            "value": "f3ca8f15ca582dd486bd78fd57c2f4d7b958163542561606bebd250c827022de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301711",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "81d98e78-735d-400c-b4db-a5f34eaa44ad",
            "value": "6144:+TW3SZ4GvcPPWi9JhJTxPm26ebMk5Q35m8LERov:invQThJsexib"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301711",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "538a12c2-d8d7-47ca-8b67-c4d85c326942",
            "value": "265216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301711",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9c05f6e8-89ed-4f69-a133-2d26ef930a20",
            "value": "025056655d155510a8z5bjz18z187z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301711",
            "to_ids": true,
            "type": "filename",
            "uuid": "1edbe865-31df-4926-9b7c-6d8a6af91008",
            "value": "hs.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301711",
            "to_ids": false,
            "type": "text",
            "uuid": "533546bc-6d6d-4438-9da7-c0201b0d365b",
            "value": "VIVACIOUSGIFT\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/ClipBanker!MSR\nVT Total Detection:60/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740790683",
        "uuid": "a58227ce-21cb-4a3b-abfa-62db61863d59",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "CROWDEDFLOUNDER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740790683",
            "to_ids": true,
            "type": "md5",
            "uuid": "428ada57-1b2c-492d-8478-00c37d42fdea",
            "value": "f2b9d1cb2c4b1cd11a8682755bcc52fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "CROWDEDFLOUNDER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740306436",
            "to_ids": true,
            "type": "sha1",
            "uuid": "20a0c335-ca7f-4135-bee2-f5da197f32cf",
            "value": "579884fad55207b54e4c2fe2644290211baec8b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "CROWDEDFLOUNDER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740306436",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f25916bd-3a18-48b9-beed-93c56e8bb71a",
            "value": "a2a77cefd2faa17e18843d74a8ad155a061a13da9bd548ded6437ef855c14442",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740301732",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "df4fe1d0-9aca-4510-8854-cc2f0ec91a4b",
            "value": "24576:darngxIJfX2+8mGrvs5pdUIPv3eAUW/Y8w9ejjERAjYrNFtI937sTR7R5NwrzD:da7gx2B81gdVXvfAnHRFtIl7k7RPwr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740301732",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1edad71f-6eab-464a-8d57-e87c0eca9f92",
            "value": "1658880"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740301732",
            "to_ids": true,
            "type": "vhash",
            "uuid": "630c659f-b85a-48b8-9794-08394a0191b4",
            "value": "01606f7d0d1f1f7f11z17z1!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740301732",
            "to_ids": true,
            "type": "filename",
            "uuid": "eafe2989-d80a-45c7-a296-597b4ed0ac84",
            "value": "observable3"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740301732",
            "to_ids": false,
            "type": "text",
            "uuid": "8c006576-9242-47dc-869e-f066df90d685",
            "value": "CROWDEDFLOUNDER\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Thcsim\nVT Total Detection:63/72"
          }
        ]
      }
    ]
  }
}