{
  "Event": {
    "analysis": "1",
    "date": "2024-04-03",
    "extends_uuid": "",
    "info": "[Threat Intel] The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse",
    "protected": false,
    "publish_timestamp": "1780039398",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1780039398",
    "uuid": "ffde907b-641c-4794-857f-1b577471daaf",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#77e006",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#9651e2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#b24806",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"",
        "relationship_type": ""
      },
      {
        "colour": "#c1bf0d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1122\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#1a8d0c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"",
        "relationship_type": ""
      },
      {
        "colour": "#098efb",
        "local": false,
        "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b9849",
        "local": false,
        "name": "misp-galaxy:target-information=\"Saudi Arabia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"JSOutProx\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"SOLAR SPIDER\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": false,
        "type": "link",
        "uuid": "c0caef5d-657e-4fb8-9b0e-f53038de9cd0",
        "value": "https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": false,
        "type": "text",
        "uuid": "898bf2d5-cbda-40f5-be17-64c4eaaf5133",
        "value": "Resecurity detected a new version of JSOutProx malware targeting financial services and organizations in the Asia-Pacific and Middle East/North Africa regions. This sophisticated malware utilizes both JavaScript and .NET, employing .NET deserialization to interact with a core JavaScript module running on the victim's machine. It enables loading various plugins for conducting additional malicious activities. The malware was initially attributed to the SOLAR SPIDER threat group and has been continuously improved since its identification in 2019. The recent campaigns abuse GitHub and GitLab for distributing malicious payloads, reflecting the actors' evolving tactics."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": false,
        "type": "text",
        "uuid": "5176aa81-beb6-4365-ab47-48eb945a0b01",
        "value": "Name: The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse\nAuthor: AlienVault\nAdversary: SOLAR SPIDER\nTags: [\"apac\", \"financial\", \"backdoor\", \"banking\", \"rat\", \"jsoutprox\", \"mena\"]\nTargeted countries: [\"British Indian Ocean Territory\", \"India\", \"Taiwan\", \"Philippines\", \"Singapore\", \"Malaysia\", \"Saudi Arabia\"]\nMalware families: [\"JSOutProx\"]\nAttack_ids: [\"T1113\", \"T1089\", \"T1036\", \"T1107\", \"T1112\", \"T1059\", \"T1070\", \"T1122\", \"T1027\", \"T1105\", \"T1124\"]\nIndustries: [\"Finance\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "fa83ea25-f0cb-4357-b0b5-3b8d7d98c13d",
        "value": "SOLAR SPIDER"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 04/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337437",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9b5dec94-b904-4490-af4f-fb1270a7d034",
        "value": "b540e3682457f2499b687fa0cd213b03ba77290c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "url",
        "uuid": "fb42056b-bbd2-4ea2-a97d-12bcb5303eaf",
        "value": "http://hudukpgdgfytpddswq.ddns.net:8843/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "url",
        "uuid": "fde42f68-1cb4-43ef-96de-81c3231202f1",
        "value": "http://kiftpuseridsfryiri.ddns.net:8907/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "url",
        "uuid": "ac6fb213-5667-43a5-977b-e9e26ae816c0",
        "value": "http://mdytreudsgurifedei.ddns.net:9708/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "url",
        "uuid": "de4a9b7f-4abc-4959-8402-9b467575e9b0",
        "value": "http://suedxcapuertggando.ddns.net:8843/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "url",
        "uuid": "d1f532d3-0585-4041-88c0-454f0dbea8d1",
        "value": "http://ykderpgdgopopfuvgt.ddns.net:7891/"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d4cb12af-9dbd-4225-8bf1-c27d6d5ec437",
        "value": "eopgupgdpopopfuupi.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3273613b-9220-4abb-a213-dff94679e3aa",
        "value": "hudukpgdgfytpddswq.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "43444d22-8588-4a84-b6d4-86d19c80302e",
        "value": "kiftpuseridsfryiri.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a9c24005-7daf-461a-9d42-46895656908b",
        "value": "mdytreudsgurifedei.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4ce5f175-351a-452b-8650-6ea5007f6531",
        "value": "suedxcapuertggando.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736662357",
        "to_ids": true,
        "type": "hostname",
        "uuid": "03446f28-c3e4-4a6b-b9f8-d6d6968d2416",
        "value": "ykderpgdgopopfuvgt.ddns.net"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337005",
        "to_ids": true,
        "type": "url",
        "uuid": "fcfcc680-e0d4-4706-a764-77cf78f71387",
        "value": "suedxcapuertggando.ddns.net:8843/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039393",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9671d003-73d3-4d46-88a3-54d00210c91b",
        "value": "185.244.30.218",
        "Tag": [
          {
            "colour": "#b46b73",
            "local": false,
            "name": "asn:asn=\"211619\"",
            "relationship_type": ""
          },
          {
            "colour": "#c74eda",
            "local": false,
            "name": "asn:as-owner=\"MAXKO\"",
            "relationship_type": ""
          },
          {
            "colour": "#5d3da1",
            "local": false,
            "name": "asn:as-country=\"HR\"",
            "relationship_type": ""
          },
          {
            "colour": "#df440c",
            "local": false,
            "name": "misp-galaxy:country=\"croatia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337005",
        "to_ids": true,
        "type": "url",
        "uuid": "dd9778bd-ce85-4383-91f6-99c9ccd3fbe8",
        "value": "mdytreudsgurifedei.ddns.net:9708/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337005",
        "to_ids": true,
        "type": "url",
        "uuid": "726fddfc-31c9-4679-8e19-31e751bc50bf",
        "value": "kiftpuseridsfryiri.ddns.net:8907/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337005",
        "to_ids": true,
        "type": "url",
        "uuid": "8fede71c-f9ef-4d2e-8185-6b56a64a738e",
        "value": "hudukpgdgfytpddswq.ddns.net:8843/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746337005",
        "to_ids": true,
        "type": "url",
        "uuid": "433a2dbe-28be-4484-b47a-366e53614750",
        "value": "ykderpgdgopopfuvgt.ddns.net:7891/"
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039395",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ef2dff6f-4ef4-4f4f-8060-211e120f05ad",
        "value": "79.134.225.17",
        "Tag": [
          {
            "colour": "#29d0f0",
            "local": false,
            "name": "asn:asn=\"6775\"",
            "relationship_type": ""
          },
          {
            "colour": "#67f17a",
            "local": false,
            "name": "asn:as-owner=\"FINK-TELECOM-SERVICES\"",
            "relationship_type": ""
          },
          {
            "colour": "#c13cc6",
            "local": false,
            "name": "asn:as-country=\"CH\"",
            "relationship_type": ""
          },
          {
            "colour": "#4c1007",
            "local": false,
            "name": "misp-galaxy:country=\"switzerland\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039396",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "90ea59f7-afdb-4292-8bf5-090d99375ad6",
        "value": "103.212.81.155",
        "Tag": [
          {
            "colour": "#3fd70b",
            "local": false,
            "name": "asn:asn=\"4648\"",
            "relationship_type": ""
          },
          {
            "colour": "#8d09bb",
            "local": false,
            "name": "asn:as-owner=\"SPARK-NZ Global-Gateway Internet\"",
            "relationship_type": ""
          },
          {
            "colour": "#f36d1b",
            "local": false,
            "name": "asn:as-country=\"NZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#4f8d3e",
            "local": false,
            "name": "misp-galaxy:country=\"new zealand\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039398",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4693b6ca-d53f-4648-948e-4778e33054a7",
        "value": "103.212.81.157",
        "Tag": [
          {
            "colour": "#3fd70b",
            "local": false,
            "name": "asn:asn=\"4648\"",
            "relationship_type": ""
          },
          {
            "colour": "#8d09bb",
            "local": false,
            "name": "asn:as-owner=\"SPARK-NZ Global-Gateway Internet\"",
            "relationship_type": ""
          },
          {
            "colour": "#f36d1b",
            "local": false,
            "name": "asn:as-country=\"NZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#4f8d3e",
            "local": false,
            "name": "misp-galaxy:country=\"new zealand\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337420",
        "uuid": "c6b85777-b4d0-4e06-92bd-28bf6246b783",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337420",
            "to_ids": true,
            "type": "md5",
            "uuid": "dbbf2110-f913-49ec-885e-8f835bff3e5f",
            "value": "118b6673bd06c8eb082296a7b35f8fa5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337047",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea004483-195d-4841-9364-f7047548bff5",
            "value": "b966237c81c65c5d2a05498b88bd933702be7024",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337047",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e19c3c0b-1505-458a-8364-70b782978460",
            "value": "b28a3ce4de97af62592658fad09b6b753496575e21a0deb3382f1d354c4697af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337047",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9b9a90f6-5a96-4fa5-aaca-fb79317ff3cb",
            "value": "12288:tnYPzzSpMQO60qjzB2h8aaHlE9M/GdCtV043y9byUfx8s9OCIr4csiVISsiz5HGm:tYbupMQp0qjzB2h8aaHlYM/Gd6Vj3y94"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337047",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d38988f2-0bcc-4802-a19b-343704661a47",
            "value": "772932"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337047",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4ef62f73-0d07-459e-99c7-e54a34cbb889",
            "value": "d9fcf81ddd924999fdb0cf61bc70b272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337047",
            "to_ids": true,
            "type": "filename",
            "uuid": "b0b93d27-6ed4-4bf6-84dc-4d1aae3b3b5c",
            "value": "Transactions_Copy_65880983136606696162127010122,65890982136606696162127010102.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast scan: 01/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337047",
            "to_ids": false,
            "type": "text",
            "uuid": "28bffc0f-9350-465b-b397-f735cbbd2135",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/Downloader!MSR\nVT Total Detection:30/62\nFirst Submission:2024-03-27T06:03:03.000000+00:00\nLast Submission:2024-03-29T05:43:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337421",
        "uuid": "cf7f2ac4-ea20-4164-b718-61225ecc65d6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337421",
            "to_ids": true,
            "type": "md5",
            "uuid": "869c4418-ace1-47e2-92a3-968d0a5c2092",
            "value": "1bd7ce64f1a7cf7dc94b912ceb9533d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337068",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94b122f1-6b5e-428a-999c-0370e291e890",
            "value": "7e43f51c5fdcf02fc661b7e63239a160f03e6d6b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6e445261-0ae9-4522-bb19-99a3f8da0791",
            "value": "38844172a0b8164c6039a7e8a1ec285b83e57c7a5cc779b7285c3dfcab7ed3fe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337068",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "99d0278e-3541-4aeb-bdd3-a4ab45f0739a",
            "value": "12288:/0gHfiveEDi3m9F46e6t5xBwKtwOztc5AC48d8eNmwSBNgoVYN0vEIz+UjOBhSCD:/0gHfiveEDi3m9F46e6t5xBwKtwOztcF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337068",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d0595197-0b90-4686-81f9-863a16d224c3",
            "value": "775136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337068",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4f71da8e-4a40-450c-a6bd-8bae87b2398a",
            "value": "7ec68ff3ff5aeb30c2a6d135b24f82a8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337068",
            "to_ids": true,
            "type": "filename",
            "uuid": "25cd70c0-7a1d-4620-9594-c1bd21faf8fc",
            "value": "MoneyGram_AML_Compliance_review.pdf.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast scan: 02/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337068",
            "to_ids": false,
            "type": "text",
            "uuid": "240de0f8-6490-4963-88c1-02f1cc5364f0",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/Obfuse!MSR\nVT Total Detection:29/62\nFirst Submission:2023-11-15T08:24:56.000000+00:00\nLast Submission:2023-11-20T05:17:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337422",
        "uuid": "216359fd-9bb6-4f01-9cf8-a76029232e2c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337422",
            "to_ids": true,
            "type": "md5",
            "uuid": "88a44a20-6d45-49b1-b42a-45c36cf2c78c",
            "value": "3a2104953478d1e60927aa6def17e8e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337090",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d0db5e36-62ef-4d4e-98aa-9cf09dcab8be",
            "value": "4697b372d48a31e173cbad170442df33a8bf53ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337090",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7626dfdf-816c-43b2-b882-309af234a4e5",
            "value": "6ead19648d255ab27f04a3239871306558c4d48631aaa2d34b438d8172a2d15e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337089",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8507a6f4-0af9-4711-97e4-3fb1fe08f619",
            "value": "12288:d/KEGrJ0aRMAZXhPiOYvQxxbPX56ywqU3T:diEAdMIdiOYvaXjU3T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337089",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "12852baf-4c3e-4a16-8daa-40303e1c4a61",
            "value": "457881"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337089",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3751a02d-1a57-42bd-b7da-ba545d0f42bd",
            "value": "281a449afd64924cf9726c44c4259837"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337089",
            "to_ids": true,
            "type": "filename",
            "uuid": "919f0d5e-9ac4-48e1-87c2-630374cd256c",
            "value": "output.271136399.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  08/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337089",
            "to_ids": false,
            "type": "text",
            "uuid": "1c81c97c-e16a-4173-adcd-a1361e5d1d48",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:JS/Obfuse!MSR\nVT Total Detection:32/68\nFirst Submission:2024-01-31T09:11:03.000000+00:00\nLast Submission:2024-02-12T19:34:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337423",
        "uuid": "0813fec6-72fe-48fb-b92f-1d155f73adf9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337423",
            "to_ids": true,
            "type": "md5",
            "uuid": "abb1405a-4747-4100-9002-050c4eb81e95",
            "value": "3d46a462f262818cada6899634354138",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337111",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a23bb87-0318-45c0-9047-6a370e71776f",
            "value": "a94ab1c0e4f209da62c607ece64d612b053d9b58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337111",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fdb6d997-b25c-46a5-821a-6fee53ea8db4",
            "value": "d3b7b5cbfdfcb72bb6a57ab02df04bd285e3bedfb0832738daa156d43f313ad2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337110",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ab0c0a4-528c-4f42-aff2-6d1dbd812800",
            "value": "24576:wRdKvCpAIa2m04QGfFS7m8Fxpec9/FPsgR8QAN84z91i2B9l/rU5VAp:Zn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337110",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "687af4f8-ff06-455f-a77e-2afbdd6d35f7",
            "value": "1606244"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337110",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c71233ed-3d2e-4d43-bc8f-716c1c524cd3",
            "value": "f1c4ddb4a4b972fe19c93cfb3a27cb65"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337110",
            "to_ids": true,
            "type": "filename",
            "uuid": "51ccec93-b95d-43ec-8fd7-a94849d25119",
            "value": "Transaction_Ref_01302024_jpg.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  02/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337110",
            "to_ids": false,
            "type": "text",
            "uuid": "88323969-0967-4b8a-b0aa-bf2aa1f1616a",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/Obfuse!MSR\nVT Total Detection:33/62\nFirst Submission:2024-01-31T11:56:08.000000+00:00\nLast Submission:2024-01-31T15:02:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337424",
        "uuid": "b8ec395c-c11e-440e-a15d-e652baa50157",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337424",
            "to_ids": true,
            "type": "md5",
            "uuid": "bfc0709d-f6d7-420a-b059-5da83529f35c",
            "value": "66514548cdffab50d1ea75772a08df3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337133",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f7d9025-8912-4fb9-a1fd-a2bbbe484bac",
            "value": "3ef0c2b8586530377c53bf739a8886715ca8d52d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337133",
            "to_ids": true,
            "type": "sha256",
            "uuid": "25fc0087-6acc-497d-895f-39e7c18c63eb",
            "value": "caf5c5bc096353feb1f4daaa987e72539513ed58e4e22e5bba6c9ef120dad975",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337133",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c64eb241-bf2c-4a2a-bd60-4f1230c3651f",
            "value": "12288:Alr1pWc8LsDNW4lGDJ35Cf5nnwt+h+9IKqdUDWLpxvVOknOoGyb+Ole:Ali8DNW6GO1womIROWL7Rb+OM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337133",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39ff4b54-5cae-4ac6-96dc-9e811b88bea1",
            "value": "725287"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337133",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c3fedb27-f258-4bbf-9c9a-3ec6138413c0",
            "value": "04cb66517d0644ca80247ef2123b4bc6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337133",
            "to_ids": true,
            "type": "filename",
            "uuid": "a507122f-1571-423f-8680-8b0f33336c0c",
            "value": "MoneyGram_Global_Compliance_pdf.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  03/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337133",
            "to_ids": false,
            "type": "text",
            "uuid": "2ddb77b7-e62c-4faa-83a5-3055897f1838",
            "value": "Type Description: JavaScript\nMicrosoft: None\nVT Total Detection:32/62\nFirst Submission:2024-02-05T23:22:25.000000+00:00\nLast Submission:2024-02-08T10:12:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337425",
        "uuid": "e98e5ce1-221d-4908-ae68-ea8c25e42f2d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337425",
            "to_ids": true,
            "type": "md5",
            "uuid": "034fc2fc-545a-4097-b3f6-cb473dc88791",
            "value": "6764dbc4df70e559b2a59e913d940d4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337155",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aa792dc4-a8f2-4161-8d57-2fc9eca2e255",
            "value": "2bb8d0106f313d6ba33313117b2cf5758ed7bc34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337155",
            "to_ids": true,
            "type": "sha256",
            "uuid": "40b97e52-cec5-40b5-b2ea-fb2cbae9fa6d",
            "value": "e3e5dcd77dd3a56afb7ae001a427f0c09e94517c804b7ce33a7c93ffe9f7e1fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337154",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4aacf26b-23b5-406c-af14-b02a87337a79",
            "value": "24576:GB//n08l0hfmeX28sV+kng9J6cJycaQQe5wv39hc6kN8y/udBhr09y9ToUDZc6fn:OzBDpY6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337154",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4552615f-143a-4166-a1cc-48527b0a2f13",
            "value": "1034096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337154",
            "to_ids": true,
            "type": "vhash",
            "uuid": "62cdf735-2b83-492a-95d8-67ba72e32478",
            "value": "a25ed5e0c8cc10d0eba06f0afe873a68"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337154",
            "to_ids": true,
            "type": "filename",
            "uuid": "eae3135b-d9eb-48e4-af00-e8724fc0b411",
            "value": "Transaction_details_jpg.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  01/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337154",
            "to_ids": false,
            "type": "text",
            "uuid": "9e973051-cecf-4eea-9c59-b807dc7b1ff1",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Leonem\nVT Total Detection:32/62\nFirst Submission:2023-11-22T10:31:04.000000+00:00\nLast Submission:2024-01-31T06:00:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337427",
        "uuid": "6a702c77-625e-42bf-9e35-3081cb0609e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337427",
            "to_ids": true,
            "type": "md5",
            "uuid": "8f0c10da-c94d-46d8-a178-08fd10ffc22d",
            "value": "72461c94bd27e5b001265bbccc931534",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337178",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0bb98d6-8f1c-4040-93c3-8aea2b20fdf5",
            "value": "83a6d24ef72228fe39bb5f11b750d14e42d1a382",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337178",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7839c5b0-b6d6-48c1-92a1-c9b3e8225557",
            "value": "bf0e1f2347bae5346c48d2a18fd82977af4f71b906da0bd1d74ed6d847624a4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337177",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f48d710-248c-43c9-a021-ca63109823ae",
            "value": "6144:r7alql3ZVAgDSYnSHrn2njz7EYaEURXTLd:r7alqlpVpSYS72njHDDU5Pd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337177",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d0741ed9-c34c-4a0f-81fd-9ce532bacaf2",
            "value": "254940"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337177",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c51196a6-317a-4a84-9854-16a953690b93",
            "value": "0596dc639a41ac5df3756abd30ce5991"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337177",
            "to_ids": true,
            "type": "filename",
            "uuid": "e39b5fd8-91f2-4f45-8165-536e953d05cc",
            "value": "MoneyGram_AML_Compliance_review.pdf.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  15/07/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337177",
            "to_ids": false,
            "type": "text",
            "uuid": "f55e303f-1d2a-4c42-92ae-17e655deda9c",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:35/67\nFirst Submission:2023-11-15T08:15:26.000000+00:00\nLast Submission:2023-11-15T08:43:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337428",
        "uuid": "a75d9474-bbb0-4182-96ab-d89b9619a96a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337428",
            "to_ids": true,
            "type": "md5",
            "uuid": "eeefe5bb-8ea0-44f7-9d4a-49e67d0ed69d",
            "value": "81b9e7deb17e3371d417ad94776b2a26",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337202",
            "to_ids": true,
            "type": "sha1",
            "uuid": "12bd5ca4-a54d-4701-a902-923c9973d46c",
            "value": "2cce9a74f936a1ee90fb9b8873340ac9b91e06c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337203",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c19f259-c5f1-466b-8697-b46422b428e6",
            "value": "a29bd8cec92fe1d747b83ec8fbc8dfe74abe4d08926962ee81f1884a42defeb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337202",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2b611aae-059a-4906-8e41-1ff8314ea65f",
            "value": "6144:DyehIvq15c0zjHYjSoubyE6sMGJHg6ouAG+qSXfKAm3w8F:Rh/c2EOoQy2M8g6ouAG8v63z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337202",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "66421d13-6323-4deb-9ea6-8d02ef00262c",
            "value": "250168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337202",
            "to_ids": true,
            "type": "vhash",
            "uuid": "318577e2-6f4f-43d9-ab2f-2bbc120bb2d0",
            "value": "0596dc639a41ac5df3756abd30ce5991"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337202",
            "to_ids": true,
            "type": "filename",
            "uuid": "76b176dc-8256-425f-af9b-658aa543c5c7",
            "value": "Swift_Copy_jpg.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  16/07/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337202",
            "to_ids": false,
            "type": "text",
            "uuid": "27d92ad7-19b4-47fa-bb04-b8d5ca1ab262",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:JS/Obfuse!MSR\nVT Total Detection:32/67\nFirst Submission:2023-11-01T07:55:41.000000+00:00\nLast Submission:2024-02-06T02:31:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337429",
        "uuid": "bd2590ab-7525-410b-a075-bc7aa0bcad41",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337429",
            "to_ids": true,
            "type": "md5",
            "uuid": "942cc00d-90b5-4b06-92a4-3a364d11e487",
            "value": "89a088cd92b7ed59fd3bcc7786075130",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337224",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d24b8e4f-4cb6-4a29-894d-e382a952ae38",
            "value": "2f7ee26ba03438ccf21e4a0c1fbcd4413f1953b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337224",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e09ed70-f5cb-42ab-a1d5-4eac140d5981",
            "value": "792260125a23187f967609e070538d77a4f8a40c0189f568444ff6089703df3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337223",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e68d4426-0074-416b-914e-ec5543f7102f",
            "value": "12288:twoVzXKyMHCVNS4YTp9E+oM+49Z1qT5LJKa3G9YzXvZ5qfSnUJrPgOIGfmWjjwMB:fz6yMHCPYTpbp+oYTRwYroSnUJbA1ajZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337223",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5788e841-d87b-4828-ba8e-1618a35d23ad",
            "value": "739022"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337223",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c12116a8-6404-4562-a910-be172f76c855",
            "value": "dc2b6558841b85ffef2f02b45be704ac"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337223",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a41f2f5-53ee-42b7-8872-cf211c129b82",
            "value": "Transaction_Ref_jpg.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  01/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337223",
            "to_ids": false,
            "type": "text",
            "uuid": "bec49162-45d5-4454-894e-ae680b16f935",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:Win32/Leonem\nVT Total Detection:32/62\nFirst Submission:2024-02-05T23:21:46.000000+00:00\nLast Submission:2024-02-06T01:59:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337431",
        "uuid": "cfd3bb35-babf-469b-8f01-5114430d7a7d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337431",
            "to_ids": true,
            "type": "md5",
            "uuid": "415be86b-a618-43a2-b467-bbc854db000f",
            "value": "9c9df8fbcef8acd1a5265be5fd8fdce9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337245",
            "to_ids": true,
            "type": "sha1",
            "uuid": "905adb09-99a6-48f8-a580-1420cbe4be78",
            "value": "d5d5623203982bc5b851a4056fa986340ec3bdec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337245",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7f7e0d22-a158-43b1-b3bd-4a7953ee7700",
            "value": "60209175759971156385d77921a8d6062c8332ebb336b9289e081ea5809dbcac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337244",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0551baca-1a8e-4598-9a97-1bfeaeca23b5",
            "value": "6144:gXEzYwCjJNKOuSPowEHkvHW4cxXzM3i6Vzk9fw5d:yDwiNK6PoevHWfxX8i+A9fw5d"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337244",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "adc908f9-9ae3-4ae4-83a0-556d0eb69232",
            "value": "249864"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337244",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4e90bd21-e5c8-417c-a256-6377ca0df3aa",
            "value": "0596dc639a41ac5df3756abd30ce5991"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337244",
            "to_ids": true,
            "type": "filename",
            "uuid": "ddb27e2c-4a4a-4332-80f6-525926e47c74",
            "value": "MoneyGram_Global_Compliance_pdf.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  16/07/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337244",
            "to_ids": false,
            "type": "text",
            "uuid": "b600211b-d425-4215-8c32-3cf9586407ac",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:30/68\nFirst Submission:2024-02-05T23:21:17.000000+00:00\nLast Submission:2024-02-06T02:22:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337433",
        "uuid": "bd06b740-ac8d-4aa8-938c-bcf8c78be1d0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337433",
            "to_ids": true,
            "type": "md5",
            "uuid": "c54f2141-74b3-4d0b-ab24-c0a4eec2e30a",
            "value": "bea8cf1f983120b68204f2fa9448526e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337266",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1230c8e5-c818-4d99-9433-a5486e0e276c",
            "value": "a701384efd419aae4e454083695257cc49a60a5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337266",
            "to_ids": true,
            "type": "sha256",
            "uuid": "31940109-b21c-4636-a954-9a70806fc518",
            "value": "43f0511c5bf42c97604d6013dd671cf266f8f6cceccc223dc1a3535d4660faf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337266",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "835d7b83-7036-4de3-82c6-fa9966ddc6f7",
            "value": "12288:W3iOFYJjfsxsBBDTIsUbSCnEFQ47+SoOYI4dJXh74f6nfEniERMBqzEsrf9RtJsW:W3Gf2aTIsfaEFQ47+SoOYI4dJXh74fae"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337266",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1ad71427-d283-42c5-8aa3-b249704ce925",
            "value": "724970"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337266",
            "to_ids": true,
            "type": "vhash",
            "uuid": "21356b6a-4f50-4537-870a-282a5e6499aa",
            "value": "c19548e3f0e296dc48fff59bbc01b8ee"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337266",
            "to_ids": true,
            "type": "filename",
            "uuid": "098b3f99-a343-40f8-ad03-4750395349b6",
            "value": "TRXN-00000087312_pdf.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  01/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337266",
            "to_ids": false,
            "type": "text",
            "uuid": "7fec6e60-115e-4fd7-8a7d-f1d7370a9f19",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/Obfuse!MSR\nVT Total Detection:33/62\nFirst Submission:2023-11-01T10:07:18.000000+00:00\nLast Submission:2024-02-06T00:21:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337434",
        "uuid": "40c89cef-aea7-489a-93b9-4a8adfae4fea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337434",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9c25436-be3e-4609-a5f9-d3017bf3fcc4",
            "value": "d22f76e60a786f0c92fa20af1a1619b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337287",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1dc141c0-dd32-4783-b308-cebf81f9b856",
            "value": "fb2f829421ed678b41c623cfd4fca4cc117f5430",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337287",
            "to_ids": true,
            "type": "sha256",
            "uuid": "501df88e-9396-4fa1-af53-077f9b27de90",
            "value": "ee2a06dab3a2681e51283cc552b8c29ea5c19fe971ef6fe6cca5bfd60296af0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337287",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c197689e-63d5-4c53-baaf-d10328fe384a",
            "value": "6144:TjYBm1LWEtBA+KQPoG5xKHJggG9Wbj6MuA6P4ca2GE:vYUTkxQHx4se6PyE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337287",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b852a0f6-8346-48c7-a2d7-8b72115827e1",
            "value": "255725"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337287",
            "to_ids": true,
            "type": "vhash",
            "uuid": "34542730-d67f-4b39-89bc-d664f3b5adad",
            "value": "0596dc639a41ac5df3756abd30ce5991"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337287",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5044e05-5e7f-46cd-a63b-eb6a8940cc9c",
            "value": "Transaction_Ref_jpg.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  17/07/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337287",
            "to_ids": false,
            "type": "text",
            "uuid": "bb1ab761-07ca-4f0f-b295-68910118f1fa",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:31/68\nFirst Submission:2024-02-05T23:21:04.000000+00:00\nLast Submission:2024-02-06T01:23:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337435",
        "uuid": "19eb3d20-37f6-49fc-9aff-8d5c8be522e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337435",
            "to_ids": true,
            "type": "md5",
            "uuid": "d1982fc7-3ae3-4c52-a117-29f696813e0b",
            "value": "efad51e48d585b639d974fcf39f7ee07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337309",
            "to_ids": true,
            "type": "sha1",
            "uuid": "76a2be36-3575-4764-9931-1eddfadc3109",
            "value": "bc38020fa1193fa03c7a7b754d6f461b8f381716",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337309",
            "to_ids": true,
            "type": "sha256",
            "uuid": "903d4d13-b8e5-4b39-8098-efcda5cbdc6e",
            "value": "f6df2f93cecf26e1573ff75c6ea5e83a9750e2e2f3a9210ed4868b49ec72995e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337308",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a87b8b32-b93e-4502-8e32-b9555004b7a5",
            "value": "6144:MLffgfnUdHnGElHYTFyBthWsVROpPsUNPYX0MIaPfMB+wu6:hfnUNcMFnAi0JaPIJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337308",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "80b30758-15f9-4d05-839f-dfb80d5223ca",
            "value": "229035"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337308",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02d6fb2b-76ec-41d0-94b6-ad286e2521e7",
            "value": "0e31f71d53da7ef3c7fc7984c51d6418"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337308",
            "to_ids": true,
            "type": "filename",
            "uuid": "c120152a-214a-48f7-980a-9230f7c0d107",
            "value": "Transactions_Copy_65880983136606696162127010122_65890982136606696162127010102.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  18/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337308",
            "to_ids": false,
            "type": "text",
            "uuid": "f9d35b76-d512-47d0-9bad-8c26a79ecc7c",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:29/65\nFirst Submission:2024-03-28T14:47:18.000000+00:00\nLast Submission:2024-03-28T14:49:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746337436",
        "uuid": "3681ad3d-a4b1-4498-bed6-d3dfc8be51d1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746337436",
            "to_ids": true,
            "type": "md5",
            "uuid": "636f3f95-6d07-40c3-9e73-83511f31ff24",
            "value": "f1858438a353d38e3e19109bf0a5e1be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746337330",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb817678-5d95-4b6e-94ed-816f74a77eef",
            "value": "493aa97a9c9f4b59a27fca3edd236d5241e7c71f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746337330",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a6c7a76-9224-453d-977a-2115c1f7705f",
            "value": "d3ac312f4a72c80051a830189feca017080afc2a51aa4404f78e7412ffdc9236",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746337329",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d8e47229-10d1-4664-bcf4-b6a776d07ee3",
            "value": "6144:fhbJQXDqS0lD/fZWDA0oJz272rJ9Hu7kMWDU/dq6uatlbwczy3kvpouR7/agpXE:f/Qx0F5WPod2irJ9HunMbCwczWkvag7m"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746337329",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c66807f0-d1ad-4598-ab65-c2c29983291b",
            "value": "369549"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746337329",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e88f0208-986f-4ff8-94a1-3bfbe062fa2c",
            "value": "0596dc639a41ac5df3756abd30ce5991"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746337329",
            "to_ids": true,
            "type": "filename",
            "uuid": "10b40bab-53bd-4b86-bede-343af4aa50d7",
            "value": "Transaction_details_jpg.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 04/05/2025\nLast-scan\t:  16/07/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746337329",
            "to_ids": false,
            "type": "text",
            "uuid": "1a4dbdaf-4b8d-4b86-9c75-d8dd7cadaafe",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:30/67\nFirst Submission:2023-11-28T01:08:48.000000+00:00\nLast Submission:2024-02-01T07:37:55.000000+00:00"
          }
        ]
      }
    ]
  }
}