{
  "Event": {
    "analysis": "1",
    "date": "2020-06-19",
    "extends_uuid": "",
    "info": "[Threat Intel] The eagle eye is back: old and new backdoors from APT30",
    "protected": false,
    "publish_timestamp": "1780039643",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901951",
    "uuid": "f2225e4e-678a-4018-9046-befc5d32e220",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#86298e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#750f7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"",
        "relationship_type": ""
      },
      {
        "colour": "#15e278",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#2ced92",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT30\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"NETEAGLE\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"RCtrl\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"backspace\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746476038",
        "to_ids": false,
        "type": "link",
        "uuid": "4da494a3-03db-402a-a40a-44f4a9fba00c",
        "value": "https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/eagle-eye-is-back-apt30",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": false,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669958",
        "to_ids": false,
        "type": "text",
        "uuid": "01f575af-850b-45ab-a8dc-366c761c82db",
        "value": "On April 8, 2020, PT Security Center detected signs of life from the well-known APT30 group. Network signatures for dynamic malware analysis on a popular site alerted for APT30, which had not been active for some time.\n\nIn the article, PT Security will examine new versions of known Trojans, the features of the group's recently detected malware, and network infrastructure."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669958",
        "to_ids": false,
        "type": "text",
        "uuid": "efe91b6b-80d2-4708-acde-ecbf7805c709",
        "value": "Name: The eagle eye is back: old and new backdoors from APT30\nAuthor: AlienVault\nAdversary: APT30\nTags: [\"APT30\", \"Group G0013\", \"BACKSPACE\", \"NETEAGLE\"]\nTgtd countries: [\"Malaysia\"]\nMlwr families: [\"BACKSPACE - S0031\", \"NETEAGLE - S0034\"]\nAttack_ids: [\"T1027\", \"T1045\", \"T1112\", \"T1137\", \"T1002\", \"T1071\", \"T1064\", \"T1204\", \"T1082\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736669958",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "d566c1aa-a1f9-4258-8d5e-3b64528e567c",
        "value": "APT30"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883147",
        "to_ids": true,
        "type": "url",
        "uuid": "88af04fd-9775-4e44-8427-d1b7450600b0",
        "value": "http://www.techmicrost.com/infos/p",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883168",
        "to_ids": true,
        "type": "url",
        "uuid": "8f75fa5a-69fe-4bf8-a468-247d399a6e92",
        "value": "http://www.kabadefender.com/plugins/r.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883190",
        "to_ids": true,
        "type": "url",
        "uuid": "6850d9cf-f6c1-476f-9e43-10421929283e",
        "value": "http://www.gordeneyes.com/photo/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883211",
        "to_ids": true,
        "type": "url",
        "uuid": "c7b2857c-29b6-4ec4-8fbe-f8afeb28c1ff",
        "value": "http://www.gordeneyes.com/infos/p",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883233",
        "to_ids": true,
        "type": "url",
        "uuid": "1e290818-7815-4d71-854b-d9423c59747b",
        "value": "http://www.kabadefender.com/clntsignin.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883254",
        "to_ids": true,
        "type": "url",
        "uuid": "bc4a1b29-5d40-4af7-b66c-b3dad43d844a",
        "value": "http://www.kabadefender.com/clntcmd.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883275",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9b5194d7-f115-42e2-a862-7398dc3bb726",
        "value": "www.gordeneyes.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883296",
        "to_ids": true,
        "type": "hostname",
        "uuid": "637b6e42-d558-4758-8a54-0e306489c734",
        "value": "www.newpresses.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883317",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1081486a-443e-433c-8a5b-cd84acc9b337",
        "value": "www.techmicrost.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883339",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a02e28c8-7a17-4a13-b738-19ec34bcdb4b",
        "value": "www.kabadefender.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883360",
        "to_ids": true,
        "type": "hostname",
        "uuid": "61664bd1-c90b-42ec-a9b8-928289de1e7c",
        "value": "www.appsecnic.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883381",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bc694906-44ea-42dc-b37c-2d23421c3738",
        "value": "www.km153.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883402",
        "to_ids": true,
        "type": "domain",
        "uuid": "7923e39d-2d76-4518-9fa2-6eed464978cb",
        "value": "km153.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883423",
        "to_ids": true,
        "type": "domain",
        "uuid": "5805a5df-5a9c-44d9-baa5-71d4871efed5",
        "value": "newpresses.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883444",
        "to_ids": true,
        "type": "domain",
        "uuid": "e23ef3b6-1c85-4b26-a3eb-feedc7d77ad8",
        "value": "appsecnic.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747521000",
        "to_ids": true,
        "type": "url",
        "uuid": "26119817-21c4-445d-bd88-fc3059ba23e8",
        "value": "http://103.233.10.152:4433/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747521000",
        "to_ids": true,
        "type": "url",
        "uuid": "9699df01-80e2-4ef7-8e0e-791a352b37aa",
        "value": "http://172.247.197.189:443/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883507",
        "to_ids": true,
        "type": "domain",
        "uuid": "473d6edb-939f-4589-919d-007c1f228922",
        "value": "kabadefender.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 4433",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740306630",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "c4bf484f-6f0c-4365-9f97-1adf041bf197",
        "value": "103.233.10.152|4433"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740306630",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "51601b9f-9dbe-4471-b99a-6fc340e50876",
        "value": "172.247.197.189|443"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883529",
        "to_ids": true,
        "type": "domain",
        "uuid": "1fe53c10-2399-4bf3-98a8-63d95aabce90",
        "value": "gordeneyes.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740883550",
        "to_ids": true,
        "type": "domain",
        "uuid": "a7e6c7ec-dff1-404e-bc73-85eb84baf014",
        "value": "techmicrost.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Targeting data",
        "comment": "The decoy document was created on August 2, 2019 by the user Norehan Binti Nordin",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740306712",
        "to_ids": false,
        "type": "target-user",
        "uuid": "d7115561-6566-438b-ade4-ba4d1cacae1a",
        "value": "Norehan Binti Nordin"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883571",
        "uuid": "134c4c6e-b60a-4f38-900f-c22ca561f2dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IOC-title:Win32.Tavex.A\nIOC-description:SHA256 of 56725556d1ac8a58525ae91b6b02cf2c",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883571",
            "to_ids": true,
            "type": "md5",
            "uuid": "c9b8809f-a317-44d6-b50a-361093d75e83",
            "value": "56725556d1ac8a58525ae91b6b02cf2c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IOC-title:Win32.Tavex.A\nIOC-description:SHA256 of 56725556d1ac8a58525ae91b6b02cf2c",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792917",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0513f998-8309-4aab-b541-07ffc8c881e0",
            "value": "e211cad9f59bd8ab0a916dd27a7eb9501eee170c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IOC-title:Win32.Tavex.A\nIOC-description:SHA256 of 56725556d1ac8a58525ae91b6b02cf2c",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792917",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1085bea9-6ceb-49b8-ad86-c2f0107a9476",
            "value": "19d8bd80d362aa43623081b1ea516da6f500b917ba484c8c85b7919764af5bc0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792465",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "28e91b4b-15a6-4fa5-a3f8-080e86e1be46",
            "value": "1536:1KLMHzNJ514C6Dp8xOmTHdr4yEpHkM1Xo4hR:Q411UuxOmrdr4yEpED4r"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792465",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4643b06c-d294-4bbb-9b17-03ee7f97010d",
            "value": "77824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792465",
            "to_ids": true,
            "type": "vhash",
            "uuid": "663a51e2-de8b-47cb-b0f6-3dbe8dbe61ae",
            "value": "074046651d155065z5001113fz43zd5ze7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792465",
            "to_ids": true,
            "type": "filename",
            "uuid": "7c8a2873-be9b-4e67-97e0-9d74136d145a",
            "value": "msmsgr.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792465",
            "to_ids": false,
            "type": "text",
            "uuid": "021740a3-5839-4456-9f73-838f0498dc97",
            "value": "IOC-title:Win32.Tavex.A\nIOC-description:SHA256 of 56725556d1ac8a58525ae91b6b02cf2c\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Generic!rfn\nVT Total Detection:50/68"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883593",
        "uuid": "06c22a93-ed16-4615-85e9-1aa9a68752ea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IOC-title:ConventionEngine_Keyword_Svchost\nIOC-description:SHA256 of 9cb8a0cb778906c046734fbe67778c61",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883593",
            "to_ids": true,
            "type": "md5",
            "uuid": "555c0d6d-f42d-47d9-a69d-87d0c6c6f2cf",
            "value": "9cb8a0cb778906c046734fbe67778c61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IOC-title:ConventionEngine_Keyword_Svchost\nIOC-description:SHA256 of 9cb8a0cb778906c046734fbe67778c61",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792918",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2dbf1894-2ca9-4996-967d-a046c41d1e8e",
            "value": "ed79d765c002e767ba5ed6cf8b878671a0ff25c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IOC-title:ConventionEngine_Keyword_Svchost\nIOC-description:SHA256 of 9cb8a0cb778906c046734fbe67778c61",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792918",
            "to_ids": true,
            "type": "sha256",
            "uuid": "529018c2-b2f7-4bb6-8422-1d547eb04282",
            "value": "21477cb4ea18c8657cbcf076701808f02fca27f391a5a1ac9ebb61d83033cf71",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792487",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6ec28c0d-e46e-41d2-9a10-0219d4c435cf",
            "value": "98304:eAyUGGddNkHGX7v5VPQZ7tRdjd7Ue4W2LHFLOAkGkzdnEVomFHKnP:/yRGpkHQ7/4zd7Ue4W2LHFLOyomFHKnP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792487",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f0c0c12-d52f-4954-87c5-d545eb92da30",
            "value": "3489792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792487",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2467660-aa9e-4a6e-b3f2-e6146bc17274",
            "value": "036056655d557560f012z6200ac6z220e5zb0600e4z10d7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792487",
            "to_ids": true,
            "type": "filename",
            "uuid": "da6f994e-3afd-4961-a58b-97555865259c",
            "value": "microstore.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  24/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792487",
            "to_ids": false,
            "type": "text",
            "uuid": "db1ff43a-7df8-4bfb-b3a5-61de8d29f4a6",
            "value": "IOC-title:ConventionEngine_Keyword_Svchost\nIOC-description:SHA256 of 9cb8a0cb778906c046734fbe67778c61\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Occamy.AA\nVT Total Detection:51/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883614",
        "uuid": "b3b5c62b-3ddf-4081-97c5-da948cb91596",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "NETEAGLE dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883614",
            "to_ids": true,
            "type": "md5",
            "uuid": "50abb8cf-7da4-4528-ac7c-7fe24bf4e59b",
            "value": "f4f8f64fd66a62fc456da00dd25def0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NETEAGLE dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792919",
            "to_ids": true,
            "type": "sha1",
            "uuid": "60cbd991-bbbf-4896-8b20-48fe346434ac",
            "value": "c83b39e1c49a1aa91f44e9c0a41cc969db9b0a46",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NETEAGLE dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792919",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f614869a-b003-4ba8-a20b-9800295f8afb",
            "value": "9f58d4e7170b0fe3df1d332b37e4cf9a114da8ef42b19a300f15868b0583d0de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792508",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5a30920-86f3-4b21-b59b-c51cb3233cba",
            "value": "1536:NXMiAf4P7oM+55x/p6XsmbeLcLfRUbu26nFkG9EF+l/yihDY6ZyoGiltm4wmXs:N8iAAP73+559pYsSLfwu26F0cyqDfZvu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792508",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9fbdcbe4-f0e8-4b5a-8bae-fb531d2e8a54",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792508",
            "to_ids": true,
            "type": "vhash",
            "uuid": "396b52d3-e1b8-4e81-a9dc-cc19343eec63",
            "value": "09403e0f7d1bz301lz1fz"
          },
          {
            "category": "Payload delivery",
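            "comment": "Same name as the legitimate Microsoft Word executable; with to_ids set, match this filename only together with the hashes in this object to avoid false positives.",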
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792508",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6f1342e-4c66-4f21-93b6-2fb3da90d430",
            "value": "WinWord.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792508",
            "to_ids": false,
            "type": "text",
            "uuid": "cf58df7e-2f65-4c3d-87af-eb41c00138ce",
            "value": "NETEAGLE dropper\r\nType Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/NetEagle.MX!MTB\nVT Total Detection:45/69"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883635",
        "uuid": "eafc88b6-3c83-4914-8d85-bd66b1767f3d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "RCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883635",
            "to_ids": true,
            "type": "md5",
            "uuid": "ff950361-4994-4977-895a-5c5fa828af41",
            "value": "95fde34187552a2b0b7e3888bfbff802",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792921",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b59f0d32-8edd-4c07-8cc2-381aa7047e6b",
            "value": "4fde7148415634829bd0ad6bf47cf73966936af7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792921",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e4ec1947-2d8c-4452-b381-6695af660795",
            "value": "326dc311e7e41b138088b99589e996e990934c8afb0aeb0013cef18a8ec94b70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792530",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a25ab641-f7a4-41aa-9f7a-9591aa0b4fe3",
            "value": "24576:vkta3uz3u4lnC0xoZh5xAhIX8okYm05q2VVV:ct82u1BofAV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792530",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7783557c-bf50-49b9-a102-4b1e85cc9efe",
            "value": "863744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792530",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2b19357a-f1a2-4dbe-8d7f-cd109d8d43e7",
            "value": "08503e0f7d1015z11z47z101013z1011z11z101017z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792530",
            "to_ids": true,
            "type": "filename",
            "uuid": "f04ee320-59a1-43b6-9935-77199536dcdd",
            "value": "nvidafix.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792530",
            "to_ids": false,
            "type": "text",
            "uuid": "5719138f-d768-4c58-9ae8-90c3c204cd63",
            "value": "RCtrl\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:43/69"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883656",
        "uuid": "1a106c5b-eb8a-4a63-a429-c43bf3e065b0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "RHttpCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883656",
            "to_ids": true,
            "type": "md5",
            "uuid": "ef6faba5-c16a-4c17-95da-5e3e04bbb400",
            "value": "ed09b0dba74bf68ec381031e2faf4448",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RHttpCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792922",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2e689dfa-5ebf-493f-b955-f2c05ec87707",
            "value": "cad93f99614e4419bc80456a4758335863e1beab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RHttpCtrl",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792922",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4866073d-c4da-402a-a96a-f3e9db2cf8f7",
            "value": "946a647ebdfacfcb7884e416585e54e41f2de5da29145d91115c6e4d45bd2d67",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792551",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "86a21797-6933-4ad6-8156-a6f1e4ad8238",
            "value": "3072:gdx9fjlWOobg4yWfvGdXfEkNc82XROgdQXCEW5f4HXcaE2cBSMO609B/z:gf9fj8bZbvmXfEky8iYXm5JvUJz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792551",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a50bc336-37ce-4db5-ac65-b3a3bb877ce3",
            "value": "146432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792551",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a6c786c-bead-4d80-b0e3-51d2ff25a0a9",
            "value": "015076655d151d15156055z7006cjz201085z47z"
          },
          {
            "category": "Payload delivery",
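            "comment": "File name is the sample's SHA-256 with an _unpacked suffix, apparently an analysis label rather than a name seen on a host; rely on the hashes in this object for detection.",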
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792551",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c1b7ed9-cc9d-4aa5-bb06-e91b141f7ca9",
            "value": "946a647ebdfacfcb7884e416585e54e41f2de5da29145d91115c6e4d45bd2d67_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792551",
            "to_ids": false,
            "type": "text",
            "uuid": "3784ab5c-1c50-4519-9540-9b97408cbba8",
            "value": "RHttpCtrl\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:51/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883677",
        "uuid": "ff22eebe-faa3-41c0-b9c1-fd4515325c10",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883677",
            "to_ids": true,
            "type": "md5",
            "uuid": "a3c689ed-2e45-42fc-8f0f-6a8051a35c7e",
            "value": "c9b1c8b51234265983cf8427592b0a68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792923",
            "to_ids": true,
            "type": "sha1",
            "uuid": "addac839-6e8e-478b-a5f2-2e305eb00f70",
            "value": "5b0c060f6a917398479a49cbf20289c2757d10de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792923",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1e2e43c-6cd2-4801-b1a1-ec2ddc30c344",
            "value": "f3149bf72a4f5f49a1c52d70ffe1be0e6980d4601bf33cc7d4a5aa0da4eed7e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792573",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f7d15c7-c1dc-42ee-8d13-cfea46c7d1ed",
            "value": "49152:0kh2uhEUVffZo43ucwdjXJzZM9bFNHUOHwff:0khFhEifZomucwFXJzZM9bFNHUO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792573",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5cc28f3c-a08e-461b-9365-287b41d95aa9",
            "value": "2077184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792573",
            "to_ids": true,
            "type": "vhash",
            "uuid": "69644913-ed13-4a1c-a9f3-e999e7555ec1",
            "value": "026086655d55151d15156114z6100ab6z150c023za0700dc1zc010d7z"
          },
          {
            "category": "Payload delivery",
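            "comment": "File name is the VirusShare_ prefix followed by the sample's MD5, apparently a sample-repository label rather than a name seen on a host; rely on the hashes in this object for detection.",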
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792573",
            "to_ids": true,
            "type": "filename",
            "uuid": "5c2b38c5-2ba8-4a6b-b932-44e256f0046a",
            "value": "VirusShare_c9b1c8b51234265983cf8427592b0a68"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  24/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792573",
            "to_ids": false,
            "type": "text",
            "uuid": "77a85537-29cb-4b70-8027-2adb66cdb593",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:45/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883699",
        "uuid": "f6afb8fd-1e52-4ad7-bae4-ecc7f4b477cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883699",
            "to_ids": true,
            "type": "md5",
            "uuid": "df8c15b3-bea1-4229-a63e-83e2266f78bd",
            "value": "101bda268bf8277d84b79fe52e25fee4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792924",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9056319e-8d8c-412d-9f24-d35084b15fed",
            "value": "248e2c6821d14c77d497858846bd490a76af4bb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792924",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7580613-2194-4d7b-96cc-f14f5b27f49c",
            "value": "b16e1f2adb6e83e787ac7dbed2f09f1fd09f0ac08bf63484056746ebff4dda8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792594",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bfff7262-dda8-4042-bcb2-8f3a36835eba",
            "value": "1536:z6wtMLOsAYI//hLdjISD6icukSRHvMmizpmOyJCjsiXUoPbf:vMGn/cS9BVvMmmRJjsiXUo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792594",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b6e0e422-b57a-4ce4-ba7b-ab2ac2d2e3d7",
            "value": "81920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792594",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6f6af3f7-cd43-425c-94d2-d1436116120f",
            "value": "084046651d1510f8z5e1z23z27z104jz"
          },
          {
            "category": "Payload delivery",
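            "comment": "Same name as the legitimate Google Chrome executable; with to_ids set, match this filename only together with the hashes in this object to avoid false positives.",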
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792594",
            "to_ids": true,
            "type": "filename",
            "uuid": "021288df-825c-455f-bb8a-f414043b0051",
            "value": "chrome.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  22/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792594",
            "to_ids": false,
            "type": "text",
            "uuid": "0f447d43-c6c3-4866-b230-c2323710d48c",
            "value": "BACKSPACE\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:54/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883720",
        "uuid": "2495df91-7bf8-47ec-b031-452f306e02a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883720",
            "to_ids": true,
            "type": "md5",
            "uuid": "cad7f549-96ea-403e-a24f-cd07990c083b",
            "value": "d9c42dacfae73996ccdab58e429548c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792925",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5b58b71-34f9-4612-ac1c-441050598360",
            "value": "9d7787dc9c204a203356401032095a9d69f21492",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BACKSPACE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792926",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2ea11f6b-85bb-4253-a949-18369a4f07c9",
            "value": "a0d3450eebbe0021aaa109fe1bcf3d8f1786c112caf26d2e344a5701e314497a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792616",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "14ec1687-a8f1-4f9d-b47a-24fe81828a4f",
            "value": "1536:sXf7iFnWARC5gt+72gOJcrLwWuyoVVZoHwdzE:EQWKtiVOyLwWto7e"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792616",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e2d81752-3d72-4dc0-afb9-c14d019accd4",
            "value": "77824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792616",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8897869d-b26f-4349-83ad-2fde91f92c47",
            "value": "074046655d155058z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
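            "comment": "File name is the virussign.com_ prefix followed by the sample's MD5, apparently a sample-repository label rather than a name seen on a host; rely on the hashes in this object for detection.",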
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792616",
            "to_ids": true,
            "type": "filename",
            "uuid": "ec7085fc-1cc2-4bd4-8807-5d248f39f275",
            "value": "virussign.com_d9c42dacfae73996ccdab58e429548c0.vir"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792616",
            "to_ids": false,
            "type": "text",
            "uuid": "d67a303c-f170-43be-861c-656c67dda090",
            "value": "BACKSPACE\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Occamy.AA\nVT Total Detection:52/68"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883741",
        "uuid": "4fcf5717-6ad0-4927-8513-4216b6968716",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883741",
            "to_ids": true,
            "type": "md5",
            "uuid": "a30180d8-968c-4e49-84c8-b0e0f2e621e8",
            "value": "634e79070ba21e1e8f08aba995c98112",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792927",
            "to_ids": true,
            "type": "sha1",
            "uuid": "05f7acf1-e07e-45bb-afdf-af31a5e5736d",
            "value": "dfcccb6095b08db5119dbf09e7a5b0a93bc6208d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792927",
            "to_ids": true,
            "type": "sha256",
            "uuid": "080ae4c5-f90b-46ac-b0b9-3228af81d40f",
            "value": "ef85085b0db8bac277740200ce36f6370b080bd09a039ac165eddfdea230d14d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792637",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cb5711ce-c546-4deb-a811-48e4d6d4bf67",
            "value": "384:haKOSxNPhxO6dJzrQCCKf/HuktRxPfAkSZKGFJSSNRjxQsw6rQNuSvOBXgWz:I+9JJb//TKBSSNRjxQharz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792637",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8ad9cdac-3bb3-4fd7-afca-aa9c87fe7769",
            "value": "22981"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792637",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cfc89da5-1639-4dc4-b3ac-036db10006b9",
            "value": "3030c3fa4c1d684059c8990d31a4e862"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792637",
            "to_ids": true,
            "type": "filename",
            "uuid": "7e3af73e-7638-46ea-8849-00847296a123",
            "value": "AGENDA.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  25/10/2022",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792637",
            "to_ids": false,
            "type": "text",
            "uuid": "1f651dd7-142f-458a-beae-86d9ad4c0e99",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: None\nVT Total Detection:0/65"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740883762",
        "uuid": "c905631b-fd64-41ac-85dd-87ee10391b87",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740883762",
            "to_ids": true,
            "type": "md5",
            "uuid": "d4ec0889-002c-427e-9feb-690848d43ba3",
            "value": "4fdfe014bed72317fa40e4a425350288",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740792928",
            "to_ids": true,
            "type": "sha1",
            "uuid": "116f7a3b-18ca-445f-8a6e-72d6a15b6796",
            "value": "cfed5353a552719a3c262db0423f4a58e10bb991",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740792928",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8a22167-2cd6-44b3-9610-df5d8a5471c3",
            "value": "542bc34adfb1567551146085c04d20171790b379303ca059d5789bd0cbe49862",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740792658",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6c62e216-9602-49fd-bfb3-3ef28954d9c7",
            "value": "12288:xL7GLzUOUl64UzuuCGO6to/OBpZJk9Pvu:xL7GLzUOU0HiuCE1BTJk9nu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740792658",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a8088b8d-1471-406e-b0c8-23ff8866cde5",
            "value": "569560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740792658",
            "to_ids": true,
            "type": "vhash",
            "uuid": "071c3d95-3e6f-4715-8402-ee3fc3908b21",
            "value": "055076655d151d151560f8z81hz43zbfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740792658",
            "to_ids": true,
            "type": "filename",
            "uuid": "2eab2a4f-0e51-47d6-992c-9a95a2dd507d",
            "value": "Command line RAR"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2025\nLast-scan\t:  21/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740792658",
            "to_ids": false,
            "type": "text",
            "uuid": "cb813651-61f2-4c97-8feb-d9a97f02c0c6",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: None\nVT Total Detection:0/73"
          }
        ]
      }
    ]
  }
}