{"05866c45-7c9e-4481-ae50-60471a9c91ed": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": 
"misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Earth Estries\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Chemical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Consulting\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"NGO\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"PsExec - S0029\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:target-information=\"Swaziland\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MASOL\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SNAPPYBEE\"", "relationship_type": ""}], "info": "[Threat Intel] Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions", "date": "2024-11-25", "analysis": 1, "threat_level_id": 1, "timestamp": 1780496685}, "b84131c5-e0d4-406c-96f6-fd36461f0780": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", 
"relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0c8fe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Email Collection - T1114.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, 
{"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NodeStealer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Raspberry Robin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"vietnam\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Python-Based NodeStealer Version Targets Facebook Ads Manager", "date": "2024-12-19", "analysis": 1, "threat_level_id": 2, "timestamp": 1780439641}, "a013c3bb-1b42-4372-9a24-fd1efedf4004": {"Orgc": 
{"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#9dfeaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"", 
"relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#fdd85e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#52d590", 
"local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#57ece2", "local": false, "name": "misp-galaxy:target-information=\"Djibouti\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#f834a3", "local": false, "name": "misp-galaxy:target-information=\"Maldives\"", "relationship_type": ""}, {"colour": "#c385b5", "local": false, "name": "misp-galaxy:target-information=\"Morocco\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#ff41c1", "local": false, "name": "misp-galaxy:target-information=\"Nepal\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#09ea0d", "local": false, "name": "misp-galaxy:target-information=\"Sri Lanka\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"RAZOR TIGER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": 
""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Infrastructure\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Oil\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:04856c5c-870e-43c4-95a4-8e3dcb8b2582=\"c62008f8-576a-4495-9e3f-5b1f1f398167\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] SideWinder APT's post-exploitation framework analysis", "date": "2024-10-15", "analysis": 1, "threat_level_id": 1, "timestamp": 1773034851}, "a9c8d390-6524-4a0e-b05b-6d1a8b6d0082": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, 
{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#5c57c8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT23\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"145 - Western Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-malware=\"China Chopper - S0020\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SparrowDoor\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] Tropic Trooper spies on government entities in the Middle East", "date": "2024-09-05", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039377}, "91ec5b1f-2db7-4fd0-b3f1-5896939d72d5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#bf2644", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server Software Component - T1505\"", "relationship_type": ""}, {"colour": "#3d38fc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": ""}, {"colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": ""}, {"colour": "#866c0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#fbaa07", "local": false, "name": "misp-galaxy:target-information=\"Kenya\"", "relationship_type": ""}, {"colour": "#631fed", "local": false, "name": "misp-galaxy:target-information=\"Rwanda\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#57ece2", "local": false, "name": "misp-galaxy:target-information=\"Djibouti\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"RedJuliett\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", 
"relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Laos\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "[Threat Intel] Chinese State-Sponsored RedJuliett Intensifies Taiwanese Cyber Espionage via Network Perimeter Exploitation", "date": "2024-06-24", "analysis": 1, "threat_level_id": 1, "timestamp": 1780382059}, "93c5c28d-f2ad-4db2-a959-4fff38dde26f": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#bd512b", "local": false, "name": "misp-galaxy:target-information=\"Belarus\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, 
{"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#732009", "local": false, "name": "misp-galaxy:target-information=\"Colombia\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#1c5aae", "local": false, "name": "misp-galaxy:target-information=\"Peru\"", "relationship_type": ""}, {"colour": "#0f0428", "local": false, "name": "misp-galaxy:target-information=\"Algeria\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": ""}, {"colour": "#c385b5", "local": false, "name": "misp-galaxy:target-information=\"Morocco\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": 
"misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#74d147", "local": false, "name": "misp-galaxy:target-information=\"Czech Republic\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": "misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#4929fe", "local": false, "name": "misp-galaxy:target-information=\"Iraq\"", "relationship_type": ""}, {"colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": ""}, {"colour": "#620e4e", "local": false, "name": "misp-galaxy:target-information=\"Hungary\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#c180fb", "local": false, "name": "misp-galaxy:target-information=\"Norway\"", "relationship_type": ""}, {"colour": "#321f24", "local": false, "name": "misp-galaxy:target-information=\"Ecuador\"", "relationship_type": ""}, {"colour": "#09ea0d", "local": false, "name": "misp-galaxy:target-information=\"Sri Lanka\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#199542", "local": false, "name": "misp-galaxy:target-information=\"Serbia\"", "relationship_type": ""}, {"colour": "#08ee7c", "local": false, "name": "misp-galaxy:target-information=\"Dominican Republic\"", "relationship_type": ""}, {"colour": "#64388b", "local": false, "name": "misp-galaxy:target-information=\"Tunisia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#41c393", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": ""}, {"colour": 
"#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#fbaa07", "local": false, "name": "misp-galaxy:target-information=\"Kenya\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#72ab92", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": ""}, {"colour": "#eb5a95", "local": false, "name": "misp-galaxy:target-information=\"Latvia\"", "relationship_type": ""}, {"colour": "#7d6b1a", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": ""}, {"colour": "#bedb1f", "local": false, "name": "misp-galaxy:target-information=\"Nigeria\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#ff41c1", "local": false, "name": "misp-galaxy:target-information=\"Nepal\"", "relationship_type": ""}, {"colour": "#6d455d", "local": false, "name": "misp-galaxy:target-information=\"Bulgaria\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#0fa7af", "local": false, "name": "misp-galaxy:target-information=\"Armenia\"", "relationship_type": ""}, {"colour": "#f107e3", "local": false, "name": "misp-galaxy:target-information=\"Ghana\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#04e23c", "local": false, "name": "misp-galaxy:target-information=\"Slovakia\"", 
"relationship_type": ""}, {"colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#09b89b", "local": false, "name": "misp-galaxy:target-information=\"Uruguay\"", "relationship_type": ""}, {"colour": "#d802cf", "local": false, "name": "misp-galaxy:target-information=\"Azerbaijan\"", "relationship_type": ""}, {"colour": "#a3567e", "local": false, "name": "misp-galaxy:target-information=\"Estonia\"", "relationship_type": ""}, {"colour": "#997689", "local": false, "name": "misp-galaxy:target-information=\"Ethiopia\"", "relationship_type": ""}, {"colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": ""}, {"colour": "#3c02c3", "local": false, "name": "misp-galaxy:target-information=\"Luxembourg\"", "relationship_type": ""}, {"colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#9d320e", "local": false, "name": "misp-galaxy:target-information=\"Greece\"", "relationship_type": ""}, {"colour": "#4b3e92", "local": false, "name": "misp-galaxy:target-information=\"Palestine\"", "relationship_type": ""}, {"colour": "#8f3c0c", "local": false, "name": "misp-galaxy:target-information=\"Croatia\"", "relationship_type": ""}, {"colour": "#094367", "local": false, "name": "misp-galaxy:target-information=\"Denmark\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#b1b109", "local": false, "name": 
"misp-galaxy:target-information=\"Guatemala\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#4cebc3", "local": false, "name": "misp-galaxy:target-information=\"Lebanon\"", "relationship_type": ""}, {"colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": ""}, {"colour": "#9f8eb4", "local": false, "name": "misp-galaxy:target-information=\"Costa Rica\"", "relationship_type": ""}, {"colour": "#2a06af", "local": false, "name": "misp-galaxy:target-information=\"Paraguay\"", "relationship_type": ""}, {"colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#98048e", "local": false, "name": "misp-galaxy:target-information=\"Honduras\"", "relationship_type": ""}, {"colour": "#6e9c5c", "local": false, "name": "misp-galaxy:target-information=\"Madagascar\"", "relationship_type": ""}, {"colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": ""}, {"colour": "#7ae837", "local": false, "name": "misp-galaxy:target-information=\"Cameroon\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#02a4c7", "local": false, "name": "misp-galaxy:target-information=\"Togo\"", "relationship_type": ""}, {"colour": "#b4dfcd", "local": false, "name": "misp-galaxy:target-information=\"North Macedonia\"", "relationship_type": ""}, {"colour": "#69061f", "local": false, "name": "misp-galaxy:target-information=\"Panama\"", "relationship_type": ""}, {"colour": "#d9210a", "local": false, "name": "misp-galaxy:target-information=\"Albania\"", "relationship_type": ""}, {"colour": "#63db91", "local": false, "name": "misp-galaxy:target-information=\"Cuba\"", "relationship_type": ""}, {"colour": "#437f93", 
"local": false, "name": "misp-galaxy:target-information=\"Senegal\"", "relationship_type": ""}, {"colour": "#c62adc", "local": false, "name": "misp-galaxy:target-information=\"Slovenia\"", "relationship_type": ""}, {"colour": "#5e8ca8", "local": false, "name": "misp-galaxy:target-information=\"Zambia\"", "relationship_type": ""}, {"colour": "#d6740b", "local": false, "name": "misp-galaxy:target-information=\"Uganda\"", "relationship_type": ""}, {"colour": "#71f7e5", "local": false, "name": "misp-galaxy:target-information=\"El Salvador\"", "relationship_type": ""}, {"colour": "#4b97c0", "local": false, "name": "misp-galaxy:target-information=\"Equatorial Guinea\"", "relationship_type": ""}, {"colour": "#a3dd51", "local": false, "name": "misp-galaxy:target-information=\"Angola\"", "relationship_type": ""}, {"colour": "#0bbdc3", "local": false, "name": "misp-galaxy:target-information=\"New Zealand\"", "relationship_type": ""}, {"colour": "#21c959", "local": false, "name": "misp-galaxy:target-information=\"Qatar\"", "relationship_type": ""}, {"colour": "#701b80", "local": false, "name": "misp-galaxy:target-information=\"Jamaica\"", "relationship_type": ""}, {"colour": "#efa459", "local": false, "name": "misp-galaxy:target-information=\"South Sudan\"", "relationship_type": ""}, {"colour": "#1f5547", "local": false, "name": "misp-galaxy:target-information=\"Sudan\"", "relationship_type": ""}, {"colour": "#031c9d", "local": false, "name": "misp-galaxy:target-information=\"Libya\"", "relationship_type": ""}, {"colour": "#13bb3c", "local": false, "name": "misp-galaxy:target-information=\"Oman\"", "relationship_type": ""}, {"colour": "#0dc5a4", "local": false, "name": "misp-galaxy:target-information=\"Mozambique\"", "relationship_type": ""}, {"colour": "#28720c", "local": false, "name": "misp-galaxy:target-information=\"Trinidad and Tobago\"", "relationship_type": ""}, {"colour": "#4ece2e", "local": false, "name": "misp-galaxy:target-information=\"Tajikistan\"", 
"relationship_type": ""}, {"colour": "#affa6e", "local": false, "name": "misp-galaxy:target-information=\"Burkina Faso\"", "relationship_type": ""}, {"colour": "#9df4e4", "local": false, "name": "misp-galaxy:target-information=\"Puerto Rico\"", "relationship_type": ""}, {"colour": "#71c031", "local": false, "name": "misp-galaxy:target-information=\"Nicaragua\"", "relationship_type": ""}, {"colour": "#842d01", "local": false, "name": "misp-galaxy:target-information=\"Benin\"", "relationship_type": ""}, {"colour": "#9077b1", "local": false, "name": "misp-galaxy:target-information=\"Yemen\"", "relationship_type": ""}, {"colour": "#8b035d", "local": false, "name": "misp-galaxy:target-information=\"Cyprus\"", "relationship_type": ""}, {"colour": "#8604d0", "local": false, "name": "misp-galaxy:target-information=\"Bahrain\"", "relationship_type": ""}, {"colour": "#631fed", "local": false, "name": "misp-galaxy:target-information=\"Rwanda\"", "relationship_type": ""}, {"colour": "#c79f1f", "local": false, "name": "misp-galaxy:target-information=\"Gabon\"", "relationship_type": ""}, {"colour": "#453bd5", "local": false, "name": "misp-galaxy:target-information=\"Namibia\"", "relationship_type": ""}, {"colour": "#d49f13", "local": false, "name": "misp-galaxy:target-information=\"Montenegro\"", "relationship_type": ""}, {"colour": "#83bd88", "local": false, "name": "misp-galaxy:target-information=\"Mali\"", "relationship_type": ""}, {"colour": "#cbf48a", "local": false, "name": "misp-galaxy:target-information=\"Papua New Guinea\"", "relationship_type": ""}, {"colour": "#f93f1c", "local": false, "name": "misp-galaxy:target-information=\"Zimbabwe\"", "relationship_type": ""}, {"colour": "#bc43ce", "local": false, "name": "misp-galaxy:target-information=\"Jersey\"", "relationship_type": ""}, {"colour": "#4fc5b4", "local": false, "name": "misp-galaxy:target-information=\"Botswana\"", "relationship_type": ""}, {"colour": "#5d3bf0", "local": false, "name": 
"misp-galaxy:target-information=\"Malawi\"", "relationship_type": ""}, {"colour": "#cdb249", "local": false, "name": "misp-galaxy:target-information=\"Haiti\"", "relationship_type": ""}, {"colour": "#687d35", "local": false, "name": "misp-galaxy:target-information=\"Mauritius\"", "relationship_type": ""}, {"colour": "#f834a3", "local": false, "name": "misp-galaxy:target-information=\"Maldives\"", "relationship_type": ""}, {"colour": "#598e44", "local": false, "name": "misp-galaxy:target-information=\"Somalia\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#a74455", "local": false, "name": "misp-galaxy:target-information=\"Guyana\"", "relationship_type": ""}, {"colour": "#fcbb39", "local": false, "name": "misp-galaxy:target-information=\"Mauritania\"", "relationship_type": ""}, {"colour": "#dfc3c3", "local": false, "name": "misp-galaxy:target-information=\"Malta\"", "relationship_type": ""}, {"colour": "#16ba7c", "local": false, "name": "misp-galaxy:target-information=\"Saint Kitts and Nevis\"", "relationship_type": ""}, {"colour": "#c25683", "local": false, "name": "misp-galaxy:target-information=\"Bahamas\"", "relationship_type": ""}, {"colour": "#b51aa2", "local": false, "name": "misp-galaxy:target-information=\"Suriname\"", "relationship_type": ""}, {"colour": "#241a62", "local": false, "name": "misp-galaxy:target-information=\"Iceland\"", "relationship_type": ""}, {"colour": "#ad6422", "local": false, "name": "misp-galaxy:target-information=\"Liberia\"", "relationship_type": ""}, {"colour": "#f86e61", "local": false, "name": "misp-galaxy:target-information=\"Andorra\"", "relationship_type": ""}, {"colour": "#7f34fb", "local": false, "name": "misp-galaxy:target-information=\"Barbados\"", "relationship_type": ""}, {"colour": "#b580d1", "local": false, "name": "misp-galaxy:target-information=\"Belize\"", "relationship_type": ""}, {"colour": 
"#fabbd6", "local": false, "name": "misp-galaxy:target-information=\"Fiji\"", "relationship_type": ""}, {"colour": "#2107a4", "local": false, "name": "misp-galaxy:target-information=\"Sierra Leone\"", "relationship_type": ""}, {"colour": "#d8846f", "local": false, "name": "misp-galaxy:target-information=\"Bhutan\"", "relationship_type": ""}, {"colour": "#78b6f0", "local": false, "name": "misp-galaxy:target-information=\"Saint Lucia\"", "relationship_type": ""}, {"colour": "#719d95", "local": false, "name": "misp-galaxy:target-information=\"Guam\"", "relationship_type": ""}, {"colour": "#0d5eef", "local": false, "name": "misp-galaxy:target-information=\"Guinea\"", "relationship_type": ""}, {"colour": "#2aeb10", "local": false, "name": "misp-galaxy:target-information=\"Guinea-Bissau\"", "relationship_type": ""}, {"colour": "#7c7c77", "local": false, "name": "misp-galaxy:target-information=\"Chad\"", "relationship_type": ""}, {"colour": "#83e168", "local": false, "name": "misp-galaxy:target-information=\"Gambia\"", "relationship_type": ""}, {"colour": "#2ea969", "local": false, "name": "misp-galaxy:target-information=\"Niger\"", "relationship_type": ""}, {"colour": "#f28cbf", "local": false, "name": "misp-galaxy:target-information=\"Cura\u00e7ao\"", "relationship_type": ""}, {"colour": "#0a5d4f", "local": false, "name": "misp-galaxy:target-information=\"French Polynesia\"", "relationship_type": ""}, {"colour": "#d8e4c7", "local": false, "name": "misp-galaxy:target-information=\"Lesotho\"", "relationship_type": ""}, {"colour": "#83a682", "local": false, "name": "misp-galaxy:target-information=\"Burundi\"", "relationship_type": ""}, {"colour": "#5f8f8d", "local": false, "name": "misp-galaxy:target-information=\"Isle of Man\"", "relationship_type": ""}, {"colour": "#a66c0a", "local": false, "name": "misp-galaxy:target-information=\"Liechtenstein\"", "relationship_type": ""}, {"colour": "#3d5eba", "local": false, "name": "misp-galaxy:target-information=\"New Caledonia\"", 
"relationship_type": ""}, {"colour": "#b5e999", "local": false, "name": "misp-galaxy:target-information=\"San Marino\"", "relationship_type": ""}, {"colour": "#c80ee7", "local": false, "name": "misp-galaxy:target-information=\"Cayman Islands\"", "relationship_type": ""}, {"colour": "#31c535", "local": false, "name": "misp-galaxy:target-information=\"Dominica\"", "relationship_type": ""}, {"colour": "#c70980", "local": false, "name": "misp-galaxy:target-information=\"Faroe Islands\"", "relationship_type": ""}, {"colour": "#25398e", "local": false, "name": "misp-galaxy:target-information=\"Greenland\"", "relationship_type": ""}, {"colour": "#c9847a", "local": false, "name": "misp-galaxy:target-information=\"Grenada\"", "relationship_type": ""}, {"colour": "#53d6ba", "local": false, "name": "misp-galaxy:target-information=\"Guernsey\"", "relationship_type": ""}, {"colour": "#cea85d", "local": false, "name": "misp-galaxy:target-information=\"Turks and Caicos Islands\"", "relationship_type": ""}, {"colour": "#de7e67", "local": false, "name": "misp-galaxy:target-information=\"U.S. 
Virgin Islands\"", "relationship_type": ""}, {"colour": "#5fab99", "local": false, "name": "misp-galaxy:target-information=\"Anguilla\"", "relationship_type": ""}, {"colour": "#439154", "local": false, "name": "misp-galaxy:target-information=\"Antigua and Barbuda\"", "relationship_type": ""}, {"colour": "#9e0af4", "local": false, "name": "misp-galaxy:target-information=\"Bermuda\"", "relationship_type": ""}, {"colour": "#005585", "local": false, "name": "misp-galaxy:target-information=\"Central African Republic\"", "relationship_type": ""}, {"colour": "#03801f", "local": false, "name": "misp-galaxy:target-information=\"Comoros\"", "relationship_type": ""}, {"colour": "#57ece2", "local": false, "name": "misp-galaxy:target-information=\"Djibouti\"", "relationship_type": ""}, {"colour": "#450e1c", "local": false, "name": "misp-galaxy:target-information=\"Kiribati\"", "relationship_type": ""}, {"colour": "#f07c14", "local": false, "name": "misp-galaxy:target-information=\"Monaco\"", "relationship_type": ""}, {"colour": "#2c42ff", "local": false, "name": "misp-galaxy:target-information=\"Northern Mariana Islands\"", "relationship_type": ""}, {"colour": "#aa780d", "local": false, "name": "misp-galaxy:target-information=\"Palau\"", "relationship_type": ""}, {"colour": "#19d775", "local": false, "name": "misp-galaxy:target-information=\"Turkmenistan\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MetaStealer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:malpedia=\"RedLine Stealer\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Medium\"", "relationship_type": ""}], "info": "[Threat Intel] Profiling Trafficers: Cerberus", "date": "2024-05-09", "analysis": 1, "threat_level_id": 3, "timestamp": 1772901934}, "ffde907b-641c-4794-857f-1b577471daaf": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#77e006", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#9651e2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#c1bf0d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1122\"", "relationship_type": ""}, {"colour": 
"#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#1a8d0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"JSOutProx\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"SOLAR SPIDER\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via GitLab Abuse", "date": "2024-04-03", "analysis": 1, "threat_level_id": 3, "timestamp": 1780039398}, "726d5c64-2003-426b-8899-be88e0b7aa0a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#870443", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#f86e61", "local": false, "name": "misp-galaxy:target-information=\"Andorra\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": 
"misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#732009", "local": false, "name": "misp-galaxy:target-information=\"Colombia\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#b1b109", "local": false, "name": "misp-galaxy:target-information=\"Guatemala\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#3c02c3", "local": false, "name": "misp-galaxy:target-information=\"Luxembourg\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#f439e5", 
"local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bolivia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Venezuela\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"LabHost\"", "relationship_type": ""}], "info": "[Threat Intel] The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider", "date": "2024-04-18", "analysis": 1, "threat_level_id": 3, "timestamp": 1772901935}, "31bee8fd-1453-4ea8-8d71-b296938eeec3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#e96364", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Adversary-in-the-Middle - T1557\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#e76389", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hide Artifacts - T1564\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#bf6f24", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Resolution - T1568\"", "relationship_type": ""}, {"colour": "#e7980c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Pre-OS Boot - T1542\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#52486a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inter-Process Communication - T1559\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - 
T1571\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#251b6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"", "relationship_type": ""}, {"colour": "#cda89b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ScamClub\"", "relationship_type": ""}], "info": "[Threat Intel] Decoding ScamClub\u2019s Malicious VAST Attack", "date": "2024-03-13", "analysis": 1, "threat_level_id": 3, "timestamp": 1772901937}, "7b7d8d69-d72f-4a5d-afd9-03ddc2ec3843": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#6143a8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Initialization Scripts - T1398\"", "relationship_type": ""}, {"colour": "#64af28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1417\"", "relationship_type": ""}, {"colour": "#0da3ae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1418\"", "relationship_type": ""}, {"colour": "#9c4b3a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"", "relationship_type": ""}, {"colour": "#b418fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"", "relationship_type": ""}, {"colour": "#bbb53d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": ""}, {"colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": ""}, {"colour": "#775b18", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"", 
"relationship_type": ""}, {"colour": "#85feae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"", "relationship_type": ""}, {"colour": "#8eb1d9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\"", "relationship_type": ""}, {"colour": "#932961", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1512\"", "relationship_type": ""}, {"colour": "#142555", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Notifications - T1517\"", "relationship_type": ""}, {"colour": "#25f1d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1533\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"QUILTED TIGER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"VajraSpy\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1641\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1646\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1417.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"One-Way Communication - T1481.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, 
"name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}], "info": "[Threat Intel] VajraSpy: A Patchwork of espionage apps", "date": "2024-02-01", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039410}, "6cf62c7f-1276-41bf-aabd-70eeb78f8c59": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Earth Estries\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DracuLoader\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HemiGate\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Technology\"", "relationship_type": ""}, {"colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command Obfuscation - T1027.010\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#110e53", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"", "relationship_type": ""}, {"colour": "#90e419", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Downgrade Attack - T1562.010\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, {"colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#44e07f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Token Impersonation/Theft - T1134.001\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": ""}, {"colour": "#5c57c8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] Earth Estries Targets Government, Tech for Cyberespionage", "date": "2023-08-30", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039413}, "87a3c7a8-d755-47c7-9084-a7d58341be99": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#8b05c0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from 
Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#b361b2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Developer Utilities Proxy Execution - T1127\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#e0f4bc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Event Triggered Execution - T1546\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DarkPink\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Non-profit organisation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"PowerSploit - S0194\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"PowerSploit - S0194\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker", 
"date": "2023-01-11", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901939}, "83f31bcf-cf2e-4ebb-b8c2-7ef9e6925c9e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#2d8ee7", "local": false, "name": "misp-galaxy:producer=\"Proofpoint\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#e8825f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#45a451", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", 
"relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT40\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"News - Media\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Oil\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"scanbox\"", 
"relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] Rising Tide: Chasing the Currents of Espionage in the South China Sea", "date": "2022-08-30", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901940}, "ce9b6cf8-d850-4441-bfe8-02b66a095190": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#8b05c0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"", "relationship_type": ""}, {"colour": "#d5270f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#fb3bcd", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#0bbdc3", "local": false, "name": "misp-galaxy:target-information=\"New Zealand\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"HAZY TIGER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Operation C-Major\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"XploitSPY\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Dracarys\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Meta's Quarterly Adversarial Threat Report", "date": "2022-08-09", "analysis": 1, "threat_level_id": 2, "timestamp": 1780039420}, "cc95784f-b4fb-49b4-8f6b-f5602e79675d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#c55f42", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Library - T1560.002\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": ""}, {"colour": "#0affe9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"BITS Jobs - T1197\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#280b0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#44b2c2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"", "relationship_type": ""}, {"colour": "#c295b4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"", "relationship_type": ""}, {"colour": "#0c8fe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Email Collection - T1114.001\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": 
"#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#d528b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows File and Directory Permissions Modification - T1222.001\"", "relationship_type": ""}, {"colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"HAFNIUM\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", 
"relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}], "info": "[Threat Intel] Attacks on industrial control systems using ShadowPad", "date": "2022-06-27", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039425}, "4e327b35-ae43-4963-bc9d-7c0370659ae5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": 
""}, {"colour": "#d58a16", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#0dc5a4", "local": false, "name": "misp-galaxy:target-information=\"Mozambique\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"GALLIUM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PingPull\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": 
"#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool", "date": "2022-06-13", "analysis": 1, "threat_level_id": 1, "timestamp": 1780382255}, "e5b2340a-7903-4bd9-a019-bba2fc4c1e4a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#03bdda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"", "relationship_type": ""}, {"colour": "#e2ba37", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Initialization Scripts - T1037\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", 
"relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#04e23c", "local": false, "name": "misp-galaxy:target-information=\"Slovakia\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ToddyCat\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#41c393", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": ""}, 
{"colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia", "date": "2022-06-21", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039583}, "f367fd3e-04f5-44cf-a5b0-3231b2be5bd0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#57b2ae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\"", "relationship_type": ""}, {"colour": "#77a4ec", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"", "relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", 
"relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#750f7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": 
"misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Emotet\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Kaspersky report on Emotet modules and recent attacks", "date": "2022-04-13", "analysis": 1, "threat_level_id": 3, "timestamp": 1772901944}, "1fde6563-28ae-40bc-b7cc-4909f1aaf1aa": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#8c387c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1411\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#85feae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"", "relationship_type": ""}, {"colour": "#586753", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade as Legitimate Application - T1444\"", "relationship_type": ""}, 
{"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Fake E-shops on the prowl for banking credentials using Android malware", "date": "2022-04-06", "analysis": 1, "threat_level_id": 2, "timestamp": 1772901944}, "fbf292a8-ce2d-4811-882f-34fb7dd1c26b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": 
"#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Police - Law enforcement\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FunnyDream\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Trochilus RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"8.t Dropper\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NewCore RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Laos\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": 
"rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"058ba3b3-6530-41b4-ac3f-1b3ca0b97ec4\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"00afde8d-6de3-46b1-9f35-e98fc8c1ee07\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"e6520f6c-3713-489d-90c2-f06bb947988f\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"b63153a8-f2e8-4543-a0f7-0a3e74515812\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"eb1a21c9-5c30-4c70-a120-5452151b4eac\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Chinoxy\"", "relationship_type": ""}], "info": "[Threat Intel] Chinese State-Sponsored Cyber Espionage Activity Supports Expansion of Regional Power and Influence in Southeast Asia", "date": "2021-12-08", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039616}, 
"a58cbce5-e0fa-4016-9bff-031c1997cda8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#bf2644", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server Software Component - T1505\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": "misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": 
"misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SideWalk (Windows)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": 
"rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}], "info": "[Threat Intel] Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware", "date": "2021-09-09", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901946}, "2959ad1b-1d10-4406-b3e7-92343e5097d0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#9dc839", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#d0b1fd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1471\"", "relationship_type": ""}, {"colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#4cebc3", "local": false, "name": "misp-galaxy:target-information=\"Lebanon\"", "relationship_type": ""}, {"colour": "#f439e5", 
"local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"AvosLocker\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"HelloKitty\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Hive\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"LockBit\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Emerging Ransomware Groups: AvosLocker, Hive, HelloKitty, LockBit 2.0", "date": "2021-08-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1772901946}, "d8a848e6-56b5-48d5-8088-69ff0f0bad05": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, 
"name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"8.t Dropper\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Medium\"", "relationship_type": ""}], "info": "[Threat Intel] Actor behind Operation LagTime targets Russia", "date": "2020-11-26", "analysis": 1, "threat_level_id": 2, "timestamp": 1780039622}, "cbc7019f-c90e-48ef-94d6-d7cca59a6c03": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#5dfed4", "local": false, "name": "misp-galaxy:producer=\"Check Point\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#566f91", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Carrier Billing Fraud - T1448\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#b2ee2e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\"", "relationship_type": ""}, {"colour": "#5760f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Suppress Application Icon - T1508\"", "relationship_type": ""}, {"colour": "#b418fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"", "relationship_type": ""}, {"colour": "#24a1e3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1421\"", "relationship_type": ""}, {"colour": "#bbb53d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": ""}, {"colour": "#0da3ae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1418\"", "relationship_type": ""}, {"colour": "#d39115", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\"", "relationship_type": ""}, {"colour": "#1cbd79", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1575\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": 
"rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] WAPDropper: An Android Malware Subscribing Victims to Premium Services and Targeting  Telecomm Companies", "date": "2020-11-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1780039627}, "878d7da6-94df-48e6-a7c7-24eb048491ca": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#41c393", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, 
"name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SlothfulMedia\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] SlothfulMedia RAT Used in Targeted Attacks", "date": "2020-10-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1772901948}, "e82626b8-e22b-43af-bb55-69b06800cc4a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#cc5e96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#17c030", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": 
"#91ee5f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, 
{"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#71ecdb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": ""}, {"colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#9dc839", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#37f8da", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#45a451", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#1acf09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"", "relationship_type": ""}, {"colour": "#3a63ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"", "relationship_type": ""}, {"colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#4edbe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"", "relationship_type": ""}, {"colour": "#c8f8ef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": ""}, {"colour": "#81b347", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"", "relationship_type": ""}, {"colour": "#a05856", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#bf2644", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server Software Component - T1505\"", "relationship_type": ""}, {"colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#9c8729", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Create or Modify System Process - T1543\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": "#9dfeaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Elevation Control Mechanism - T1548\"", "relationship_type": ""}, {"colour": "#a320c3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#5b3acc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Wipe - T1561\"", "relationship_type": ""}, {"colour": "#d4fd6f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"", "relationship_type": ""}, {"colour": "#6b4ab5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1565\"", "relationship_type": ""}, {"colour": "#1b95cd", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#fda248", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": ""}, {"colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": ""}, {"colour": "#6d455d", "local": false, "name": "misp-galaxy:target-information=\"Bulgaria\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": "misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#9f8eb4", "local": false, "name": "misp-galaxy:target-information=\"Costa Rica\"", "relationship_type": ""}, {"colour": "#321f24", "local": false, "name": "misp-galaxy:target-information=\"Ecuador\"", "relationship_type": ""}, {"colour": "#f107e3", "local": false, "name": "misp-galaxy:target-information=\"Ghana\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#9afac6", "local": false, 
"name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#fbaa07", "local": false, "name": "misp-galaxy:target-information=\"Kenya\"", "relationship_type": ""}, {"colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#dfc3c3", "local": false, "name": "misp-galaxy:target-information=\"Malta\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#0dc5a4", "local": false, "name": "misp-galaxy:target-information=\"Mozambique\"", "relationship_type": ""}, {"colour": "#ff41c1", "local": false, "name": "misp-galaxy:target-information=\"Nepal\"", "relationship_type": ""}, {"colour": "#71c031", "local": false, "name": "misp-galaxy:target-information=\"Nicaragua\"", "relationship_type": ""}, {"colour": "#bedb1f", "local": false, "name": "misp-galaxy:target-information=\"Nigeria\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#69061f", "local": false, "name": "misp-galaxy:target-information=\"Panama\"", "relationship_type": ""}, {"colour": "#1c5aae", "local": false, "name": "misp-galaxy:target-information=\"Peru\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#f439e5", 
"local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#02a4c7", "local": false, "name": "misp-galaxy:target-information=\"Togo\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#d6740b", "local": false, "name": "misp-galaxy:target-information=\"Uganda\"", "relationship_type": ""}, {"colour": "#09b89b", "local": false, "name": "misp-galaxy:target-information=\"Uruguay\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#5e8ca8", "local": false, "name": "misp-galaxy:target-information=\"Zambia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CISA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CHEESETRAY\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ELECTRICFISH\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FastCash\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HOPLIGHT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NACHOCHEESE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PSLogger\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Lazarus Group\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", 
"relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks", "date": "2020-10-24", "analysis": 1, "threat_level_id": 1, "timestamp": 1780382438}, "f2225e4e-678a-4018-9046-befc5d32e220": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#86298e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#750f7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"", "relationship_type": ""}, {"colour": "#15e278", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", 
"relationship_type": ""}, {"colour": "#2ced92", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT30\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NETEAGLE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"RCtrl\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"backspace\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] The eagle eye is back: old and new backdoors from APT30", "date": "2020-06-19", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901951}, "4b09400c-8690-4b8d-99a6-e274b658e7b7": {"Orgc": {"name": 
"Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CarbonSteal\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DoubleAgent\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GoldenEagle\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SilkBean\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT15\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Mobile APT Surveillance Campaigns Targeting Uyghurs", "date": "2020-07-01", "analysis": 1, "threat_level_id": 2, "timestamp": 1780039657}, "6f707024-b346-4f24-a6aa-f95bb9d695cc": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#20f80d", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#8196ba", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "relationship_type": ""}, {"colour": "#03bdda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"", "relationship_type": ""}, {"colour": "#9651e2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"", "relationship_type": ""}, {"colour": "#37f8da", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#a3aa59", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "relationship_type": ""}, {"colour": "#2cfe4e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Elastic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT40\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Advanced techniques used in a Malaysian-focused APT campaign", "date": "2020-06-22", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039662}, "954a57ee-8998-438d-af4e-0274f6fa5e43": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#a3aa59", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "relationship_type": ""}, {"colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"", "relationship_type": ""}, {"colour": "#03bdda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT40\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Medium\"", "relationship_type": ""}], "info": "[Threat Intel] APT40  targeting Malaysia government officials", "date": "2020-02-05", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039684}, "87b1f91a-1222-459b-9b1e-1d0a328b2430": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": 
"misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"PLATINUM\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Titanium: the Platinum group strikes again", "date": "2019-11-08", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901958}, "57df35b2-526b-4224-a79d-1357afde164c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#321f24", "local": false, "name": "misp-galaxy:target-information=\"Ecuador\"", "relationship_type": ""}, {"colour": "#1c5aae", "local": false, "name": "misp-galaxy:target-information=\"Peru\"", 
"relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Felismus\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"StarLoader\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Sowbug\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Sowbug: Cyber espionage group targets South American and Southeast Asian governments", "date": "2017-11-07", "analysis": 1, "threat_level_id": 1, "timestamp": 1772901958}, "ce2b0906-037d-4aa3-8cf9-4410a09e44a2": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": 
false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"brazil\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Defacement - T1491.002\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-063.012004: MyCERT Alert - Mass Web Defacements of Malaysian Websites", "date": "2004-01-19", "analysis": 1, "threat_level_id": 3, "timestamp": 1772901959}, "37532f3f-2365-482b-b786-b4e97ffc3e9f": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Defacement - T1491.002\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-078.082004: MyCERT Alert - Mass Web Defacements of Malaysian Websites", "date": "2004-08-11", "analysis": 2, "threat_level_id": 3, "timestamp": 1772901959}, "88764f39-1338-4624-9220-80027db0671c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, 
{"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Defacement - T1491.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-087.032005: MyCERT Advisory - Mass Defacements of Malaysian Websites", "date": "2005-03-09", "analysis": 2, "threat_level_id": 3, "timestamp": 1772901959}, "6fe57214-572d-4e42-8c13-6047ae7cf563": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Defacement - T1491.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-103.022006: MyCERT Advisory - Mass Web Defacements of Malaysian Websites", "date": "2006-02-21", "analysis": 2, "threat_level_id": 3, "timestamp": 1772901960}, "5bd7530a-8cdf-4972-ae74-2e25e508ef73": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#870443", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#3d38fc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1584.001\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"9a3d582c-4d26-4567-8330-9493d20f12bd\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-228.042010: MyCERT Advisory - Phishing Attempts Targeting Public Bank Malaysia Users", "date": "2010-04-23", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901962}, "21fdbf4a-fb06-445e-b0ec-f9f282135b6d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Stuxnet\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": 
"rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Broadcom Blog\"", "relationship_type": ""}], "info": "[Threat Intel] W32.Stuxnet \u2014 Network Information", "date": "2010-07-22", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901963}, "77f41aa9-416e-407a-900d-02f64b67ab2e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"CNP \u2013 Card Not Present\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Payment Cards\"", "relationship_type": ""}], "info": "[Threat Intel] Federal Reserve Hacker Steals 400,000 Credit Card Numbers: Feds", 
"date": "2010-11-18", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901963}, "353fb1fc-a173-4be1-bc8c-348d568dc078": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#64388b", "local": false, "name": "misp-galaxy:target-information=\"Tunisia\"", "relationship_type": ""}, {"colour": "#f93f1c", "local": false, "name": "misp-galaxy:target-information=\"Zimbabwe\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Retail\"", "relationship_type": ""}], "info": "[Threat Intel] Anonymous, who are they and what do they do", "date": "2011-07-01", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901964}, "b92b518b-5a6a-4e78-9b41-00b74234d6fa": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, 
"name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}], "info": "[Threat Intel] Report: M\u2019sia group hacked S\u2019pore NParks site", "date": "2011-07-03", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901965}, "e5762a9d-4604-4bff-ba53-14cc0931dc8a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"143 - Central Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"151 - Eastern Europe\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for 
Client Execution - T1203\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}], "info": "[Threat Intel] \u201cRed October\u201d Diplomatic Cyber Attacks Investigation", "date": "2013-01-14", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901966}, "60a75a73-eaf6-4b4f-bd34-0676208f493b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#732009", "local": false, "name": "misp-galaxy:target-information=\"Colombia\"", "relationship_type": ""}, {"colour": "#63db91", "local": false, "name": "misp-galaxy:target-information=\"Cuba\"", "relationship_type": ""}, {"colour": "#321f24", "local": false, "name": "misp-galaxy:target-information=\"Ecuador\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1c5aae", "local": 
false, "name": "misp-galaxy:target-information=\"Peru\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Venezuela\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"El Machete\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] \u201cEl Machete\u201d", "date": "2014-08-20", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901967}, "8cf84df1-a143-4298-adf1-d127b7cbc33c": {"Orgc": 
{"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-380.032014: MyCERT Alert - Missing Malaysia Airlines MH370 Plane Found Hoax", "date": "2014-03-18", "analysis": 2, "threat_level_id": 3, "timestamp": 1772901967}, "6dfcfab8-6054-4b04-bc5f-742dfc10a691": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, 
{"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Zeus\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ZitMo\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-416.092014: MyCERT Alert - Banker Malware Targeting Malaysian Internet Banking User", "date": "2014-09-23", "analysis": 2, "threat_level_id": 3, "timestamp": 1772901968}, "6f34d0d4-d39c-42d9-b7d0-ad7c36a49c7e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"DarkHotel\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": 
"misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Nemim\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Tapaoux\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] The Darkhotel APT", "date": "2014-11-10", "analysis": 0, "threat_level_id": 1, "timestamp": 1780039724}, "2face905-11c0-4d37-b106-950a1235e579": {"Orgc": {"name": 
"Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Regin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Research - Innovation\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#0f0428", "local": false, "name": "misp-galaxy:target-information=\"Algeria\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#fabbd6", "local": false, "name": "misp-galaxy:target-information=\"Fiji\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#450e1c", "local": false, "name": "misp-galaxy:target-information=\"Kiribati\"", "relationship_type": ""}, {"colour": 
"#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Syria\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Regin: nation-state ownage of GSM networks", "date": "2014-11-24", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901970}, "6503c448-8845-4c88-862d-6d56a43de1a6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Regin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Hopscotch\"", 
"relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] An analysis of Regin\u2019s Hopscotch and Legspin", "date": "2015-01-22", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901971}, "574f2274-bd92-4f01-a401-47d8909fc04c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Equation Group\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Regin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DoubleFantasy (ELF)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DoubleFantasy (Windows)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"EquationDrug\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Fanny\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": 
"misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#0f0428", "local": false, "name": "misp-galaxy:target-information=\"Algeria\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#fbaa07", "local": false, "name": "misp-galaxy:target-information=\"Kenya\"", "relationship_type": ""}, {"colour": "#4cebc3", "local": false, "name": "misp-galaxy:target-information=\"Lebanon\"", "relationship_type": ""}, {"colour": "#031c9d", "local": false, "name": "misp-galaxy:target-information=\"Libya\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#83bd88", "local": false, "name": "misp-galaxy:target-information=\"Mali\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#21c959", "local": false, "name": "misp-galaxy:target-information=\"Qatar\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Syria\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, 
"name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#9077b1", "local": false, "name": "misp-galaxy:target-information=\"Yemen\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Equation: The Death Star of Malware Galaxy", "date": "2015-02-16", "analysis": 2, "threat_level_id": 1, "timestamp": 1780039766}, "77d062bd-a5a0-479b-adf8-f777f635598d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:threat-actor=\"APT30\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FLASHFLOOD\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NETEAGLE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SHIPSHAPE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SPACESHIP\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"backspace\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GEMCUTTER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MILKMAID\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ORANGEADE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION", "date": "2015-04-01", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901973}, "34fadfbd-2659-4bf5-8e4f-10f0a08de7d5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Hellsing\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#b8ab01", 
"local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] The Chronicles of the Hellsing APT: the Empire Strikes Back", "date": "2015-04-15", "analysis": 2, "threat_level_id": 1, "timestamp": 1780039795}, "55e34dbc-1e1c-48f7-b63d-68e857eaa3c0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Naikon\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": 
"misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Laos\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#ff41c1", "local": false, "name": "misp-galaxy:target-information=\"Nepal\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil society\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", 
"relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] The Naikon APT", "date": "2015-05-14", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901974}, "b9a7be01-7675-4afe-ab8a-4c6abedf7df2": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Laos\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:threat-actor=\"Naikon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SslMM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Sys10\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"WinMM\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"xsPlus\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] The Naikon APT and the MsnMM Campaigns", "date": "2015-05-21", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901975}, "aacd65ff-cd94-43b7-8a65-0777ff74614d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"LOTUS PANDA\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": "rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": 
"rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] The Spring Dragon APT", "date": "2015-06-17", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901976}, "96f7a456-317e-4efc-8874-0ff5c0bce9f6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#870443", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"82a4a09c-ca5b-4dd1-b194-df3e65f93fa3\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-640.102016: MyCERT Alert - Phishing Emails Targeting Bank Negara Malaysia (BNM)", "date": "2016-10-14", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901977}, "62830fba-06ed-49be-85d5-b61dbb5950ad": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": 
"misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Higher education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Political party\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"LOTUS PANDA\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Spring Dragon \u2013 Updated Activity", "date": "2017-07-24", "analysis": 0, "threat_level_id": 1, "timestamp": 1772901978}, "e1546f78-6f97-4999-9356-7771228e3d0b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0fa7af", "local": false, "name": "misp-galaxy:target-information=\"Armenia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Silence\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Silence \u2013 a new Trojan attacking financial organizations", "date": "2017-11-01", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901978}, "dd295f39-d156-45a9-8d41-6c505b1f094e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Police - Law enforcement\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, 
"name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"00afde8d-6de3-46b1-9f35-e98fc8c1ee07\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-690.122017: MyCERT Alert - Fake PDRM Malicious APK", "date": "2017-12-18", "analysis": 0, "threat_level_id": 2, "timestamp": 1772901979}, "fb3c6d54-a1eb-47ca-9ad8-285973c276c7": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": 
""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"82a4a09c-ca5b-4dd1-b194-df3e65f93fa3\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Contact List - T1432\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Control - T1616\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stored Application Data - T1409\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-694.012018: MyCERT Alert - Fake Bank 
Negara Malicious APK", "date": "2018-01-13", "analysis": 2, "threat_level_id": 2, "timestamp": 1780382476}, "26383d24-134d-4ea4-a8f3-df7d9ceb322a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"LOTUS PANDA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Lotus Blossom Continues ASEAN Targeting", "date": "2018-02-13", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901980}, "8b442a0f-02e2-4f4a-a9f3-961ebfd751ae": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Zebrocy (AutoIT)\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#72ab92", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", 
"relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Engineering\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"NGO\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] A Slice of 2017 Sofacy Activity", "date": "2018-02-20", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901981}, "979b0d58-daf0-4ce3-9916-449167a7a4ca": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003f", "local": false, "name": 
"rectifyq:sub-category=\"tool-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#fbaa07", "local": false, "name": "misp-galaxy:target-information=\"Kenya\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#b51aa2", "local": false, "name": "misp-galaxy:target-information=\"Suriname\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}], "info": "[Threat Intel] Inception Framework: Alive and Well, and Hiding Behind Proxies", "date": "2018-03-14", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901981}, "5947a5a4-9c86-45e8-9756-25fa38c54ff3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Health\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, 
{"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#620e4e", "local": false, "name": "misp-galaxy:target-information=\"Hungary\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": 
"#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Orangeworm\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia", "date": "2018-04-23", "analysis": 2, "threat_level_id": 2, "timestamp": 1780039852}, "95577f81-7f15-402e-894a-bcb769c839e3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0fa7af", "local": false, "name": "misp-galaxy:target-information=\"Armenia\"", "relationship_type": ""}, {"colour": "#bd512b", "local": false, "name": "misp-galaxy:target-information=\"Belarus\"", "relationship_type": ""}, {"colour": "#6d455d", "local": false, "name": "misp-galaxy:target-information=\"Bulgaria\"", "relationship_type": ""}, {"colour": "#a3567e", "local": false, "name": "misp-galaxy:target-information=\"Estonia\"", "relationship_type": ""}, {"colour": "#7d6b1a", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": ""}, {"colour": "#41c393", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Moldova\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", 
"relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cobalt\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Carbanak\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Cobalt: Their Evolution And Joint Operations", "date": "2018-05-01", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901983}, 
"2a3c9ac8-a388-48d7-9fbe-e8650d140232": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Thrip\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Catchamas\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat 
Intel] Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies", "date": "2018-06-20", "analysis": 1, "threat_level_id": 2, "timestamp": 1772901983}, "025e2482-fbbe-402c-9f57-7c0b70fe34cb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Google Cloud Blog\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT40\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Chemical\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Engineering\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Shipping\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"AIRBREAK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HTran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"homefry\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"murkytop\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"scanbox\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally", "date": "2018-07-10", "analysis": 2, "threat_level_id": 1, 
"timestamp": 1772901984}, "de905993-7d1e-4bcc-b942-50f6be6f0027": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Fortinet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"GOBLIN PANDA\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NewCore RAT\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": 
"rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] CTA Adversary Playbook: Goblin Panda", "date": "2018-11-01", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901984}, "e992f61a-b40f-4285-bf71-34a563e6794a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Google Cloud Blog\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT40\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#c180fb", "local": false, "name": "misp-galaxy:target-information=\"Norway\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": 
"misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Aerospace\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Chemical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Construction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Engineering\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"High tech\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Research - Innovation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"AIRBREAK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BLACKCOFFEE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CHINACHOPPER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Derusbi (Windows)\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GRILLMARK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ghost RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"LunchMoney\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ZXShell\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"badflick\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"gsecdump\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"homefry\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"murkytop\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"scanbox\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}], "info": "[Threat Intel] APT40: Examining a 
China-Nexus Espionage Actor", "date": "2019-03-04", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901987}, "c7f29790-a81b-4831-a8fa-f4a771337d41": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Thrip\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Macau\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Catchamas\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Sagerunex\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", 
"relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Thrip: Ambitious Attacks Against High Level Targets Continue", "date": "2019-09-09", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901988}, "3721650f-7fac-4bfe-bc17-71b5d10e0642": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Oil\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"19f3f2aa-5bb5-4814-be28-5d51c0673f86\"", "relationship_type": ""}], "info": "[Threat Intel] Hibiscus Petroleum suffers cyber attack", "date": "2019-10-08", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901988}, "7463105c-9e41-4f9e-af45-eab5b7b3ef96": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Fox Kitten\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#620e4e", "local": false, "name": "misp-galaxy:target-information=\"Hungary\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#4cebc3", "local": false, "name": "misp-galaxy:target-information=\"Lebanon\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": 
""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"JuicyPotato\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"", "relationship_type": ""}, {"colour": "#15e278", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Pass the Hash - T1075\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1076\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#2ced92", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-tool=\"Mimikatz - S0002\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Fox Kitten \u2013 Widespread Iranian Espionage-Offensive Campaign", "date": "2020-02-16", "analysis": 1, "threat_level_id": 1, "timestamp": 1780039897}, "7da78936-e9c1-4136-acef-e0fadbecce8b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Naikon\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Naikon\u2019s Aria", "date": "2020-05-08", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901992}, "8082801e-d211-46a0-8d90-445d642181b3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, 
{"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"", "relationship_type": ""}, {"colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1422.001\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] \"StayHomeMalaysia.apk\"", "date": "2020-06-02", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901992}, "b7e6e5f1-3378-440d-ae62-ffa6387887bc": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": 
""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1422.001\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Control - T1616\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] \"Hadiah.apk\"", "date": "2020-06-02", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901993}, "76d18fbe-0d66-412d-90f6-6e1d9f6d7dbe": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"CrowdStrike\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": 
"misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#7d6b1a", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": ""}, {"colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT29\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SEADADDY\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"X-Tunnel (.NET)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"XTunnel\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, 
{"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] CrowdStrike\u2019s work with the Democratic National Committee: Setting the record straight", "date": "2020-06-05", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901993}, "5b86ba10-d505-42c8-9c28-b1d8ea01cbd9": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-788.062020: MyCERT Alert - Malicious Android APK theme Covid-19 targeting Malaysia users", 
"date": "2020-06-25", "analysis": 2, "threat_level_id": 2, "timestamp": 1780039909}, "9c2e21c0-3bc1-4868-aa12-9eaaa790ec7a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-789.062020: MyCERT Advisory - StayAtHome malicious APK campaign", "date": "2020-06-27", "analysis": 2, "threat_level_id": 2, "timestamp": 1780039914}, "67ecc7f8-bc10-4329-b975-097c929fd5f9": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Police - Law enforcement\"", "relationship_type": ""}, {"colour": "#d5270f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Contact List - T1432\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data in Device Logs - T1413\"", "relationship_type": ""}, {"colour": "#85feae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"", "relationship_type": ""}, {"colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Broadcast Receivers - T1402\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#566f91", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Carrier Billing Fraud - T1448\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1414\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Device Administrator Permissions - T1401\"", "relationship_type": ""}, {"colour": "#90e419", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": ""}, {"colour": "#b2ee2e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Evade Analysis Environment - T1523\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1438\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Redirect Phone Calls/SMS - T1449\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Track Device Location - T1450\"", "relationship_type": ""}, {"colour": "#9c4b3a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"", "relationship_type": ""}, {"colour": "#8c387c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1411\"", "relationship_type": ""}, {"colour": "#775b18", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Information Discovery - T1507\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remotely Track Device Without Authorization - T1468\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stored Application Data - T1409\"", "relationship_type": ""}, {"colour": "#bbb53d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": ""}, {"colour": "#b418fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"", "relationship_type": ""}, {"colour": "#24a1e3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1421\"", "relationship_type": ""}, 
{"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"00afde8d-6de3-46b1-9f35-e98fc8c1ee07\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-790.072020: MyCERT Alert - SMSSpy using Malaysian Law Enforcement as theme", "date": "2020-07-10", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901995}, "c6b51106-b880-457a-bf18-1e62c3aa8e23": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": "misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}], "info": "[Threat Intel] US charges five hackers from Chinese state-sponsored 
group APT41", "date": "2020-09-16", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901995}, "a0553f5e-cf74-4193-a83c-ab30e3891287": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SlothfulMedia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"LaZagne\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"143 - Central Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"151 - Eastern Europe\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": 
"#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] IAmTheKing and the SlothfulMedia malware family", "date": "2020-10-15", "analysis": 2, "threat_level_id": 1, "timestamp": 1772901996}, "145d1f70-b787-44ad-afc9-9607559c4a7f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}], "info": "[Threat Intel] Anonymous Malaysia dakwa beberapa laman web kerajaan sudah digodam", "date": "2021-02-01", "analysis": 2, "threat_level_id": 2, "timestamp": 1772901997}, 
"fdfd2565-97d0-428a-9c6d-8a5c928ca6eb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Bitdefender\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Naikon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Nebulae\"", "relationship_type": ""}, {"colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cached Domain Credentials - T1003.005\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#cc5e96", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"", "relationship_type": ""}, {"colour": "#44b2c2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, 
{"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", 
"relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": ""}, {"colour": "#5c57c8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Aria-body\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, 
{"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] New Nebulae Backdoor Linked with the NAIKON Group", "date": "2021-04-28", "analysis": 2, "threat_level_id": 1, "timestamp": 1780039935}, "9076ee9a-5ba6-472a-aa4b-dee9f7294009": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Prometheus\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#c180fb", "local": false, "name": "misp-galaxy:target-information=\"Norway\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": 
"#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": 
""}], "info": "[Threat Intel] Prometheus and Grief are the new additions to the ransomware threat landscape", "date": "2021-06-01", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902000}, "d02c98de-e65b-4cb0-91cc-1f4e54ff9229": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#c180fb", "local": false, "name": "misp-galaxy:target-information=\"Norway\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": 
"misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Biomedical\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Health\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Maritime\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Four Chinese Nationals Working with the Ministry of State Security Charged with Global Computer Intrusion Campaign Targeting Intellectual Property and Confidential Business Information, Including Infectious Disease Research", "date": "2021-07-19", "analysis": 2, "threat_level_id": 1, "timestamp": 1772902001}, "c5796e2a-1297-4f8f-b559-00169e2fb88f": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": 
false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#997689", "local": false, "name": "misp-galaxy:target-information=\"Ethiopia\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GhostEmperor\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ladon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PowerCat\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, 
{"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"GhostEmperor\"", "relationship_type": ""}], "info": "[Threat Intel] GhostEmperor: From ProxyLogon to kernel mode", "date": "2021-09-30", "analysis": 2, "threat_level_id": 2, "timestamp": 1780039959}, "fea7d515-1deb-4f0e-bc34-4bb69c9e954d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Emotet\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Technical Malware Analysis: The return of Emotet", "date": "2022-02-13", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902005}, "06c6d7a8-2854-402a-9f01-74715d433ed0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#2cfe4e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Office Template Macros - T1137.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"5ba3a053-9bd8-47da-b837-2aef418a0a42\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] RTF template injection sample targeting Malaysia", "date": "2022-04-05", "analysis": 2, "threat_level_id": 2, "timestamp": 1780039974}, "490b0aa1-6f7a-4bf7-b41a-581b5eaa148b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}], "info": "[Threat Intel] \u201cURGENT BUSINESS PROPOSAL!!!\u201d 419 scammer wants your help to move someone\u2019s inheritance", "date": "2022-04-27", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902006}, "f2a498fe-04a9-4917-88cc-a32d7ad4e4a8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Naikon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:target-information=\"Laos\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#d39115", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": 
"rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Viper RAT\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] The Lotus Panda is Awake Again: Analysis of the Last Strike", "date": "2022-04-29", "analysis": 2, "threat_level_id": 1, "timestamp": 1780039979}, "e85ae419-f9ec-48a0-bf9a-152a270c55f6": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, 
{"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Scam and Malicious APK targeting Malaysian: MyMaidKL Technical Analysis", "date": "2022-05-19", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902007}, "145ab1a4-7880-4eb5-91f8-dd900a76997a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-834.052022: MyCERT Alert - SMSSpy campaign to steal Malaysian banking user credential", "date": "2022-06-07", "analysis": 2, "threat_level_id": 2, "timestamp": 1780382493}, "bcc25902-9ad5-46bb-b91d-6bf7b5473669": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Aoqin Dragon\"", "relationship_type": ""}, {"colour": "#d58a16", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": "#110e53", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#fda248", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": 
false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"heyoka\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"mongall\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years", "date": "2022-06-09", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902009}, "85b9fc55-115d-401a-923a-821bbf12cefe": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:threat-actor=\"16284eb9-b17b-49ec-b51c-f036b698bc60\"", "relationship_type": ""}], "info": "[Threat Intel] DragonForce Malaysia OpsPatuk / OpsIndia", "date": "2022-06-14", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902010}, "10a17a4d-4fa1-4cd5-9540-7990668cac1c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Hacktivist\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"16284eb9-b17b-49ec-b51c-f036b698bc60\"", "relationship_type": ""}], "info": "[Threat Intel] Hacktivist Group DragonForce Malaysia Releases Windows LPE Exploit, Discloses Plans to Evolve into a Ransomware Group", "date": "2023-04-19", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902010}, "2c8ce27e-b187-4141-b875-ed6471fe5531": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": 
"#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-846.072022: MyCERT Alert - Alert on Fake Winning Contest Shopee", "date": "2022-07-27", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902011}, "e60b03e4-6fdb-44a6-b237-da64fc86ec53": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"018 - Southern Africa\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"030 - Eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Maritime\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#c55f42", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Library - T1560.002\"", "relationship_type": ""}, {"colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1587.003\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploits - T1588.005\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hardware - T1592.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"IP Addresses - T1590.005\"", "relationship_type": ""}, {"colour": "#c295b4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"", "relationship_type": 
""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"", "relationship_type": ""}, {"colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Encoding - T1132.002\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software - T1592.002\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steganography - T1001.002\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#1a8d0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#92e858", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"TA428\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Worok\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Worok: The big picture", "date": "2022-09-06", "analysis": 2, "threat_level_id": 1, "timestamp": 1780040006}, "1593737f-2ea7-4979-9ae0-0cf117af1c26": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", 
"relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"f8334ef2-9d35-48de-aa5e-bcdcd4c4d714\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Scam Android app steals Bank Credentials and SMS: MyPetronas APK", "date": "2022-09-15", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902013}, "857353ab-d28e-4b35-8dbd-7fde005ec133": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"f8334ef2-9d35-48de-aa5e-bcdcd4c4d714\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-862.092022: MyCERT Alert - MyPetronas Malicious Application", "date": "2022-09-16", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902014}, "c44d92e6-25fb-4c25-be68-e518d74aa44d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#c70b8f", "local": false, "name": 
"misp-galaxy:target-information=\"Portugal\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Agent Tesla\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Mass email campaign with a pinch of targeted spam", "date": "2022-09-23", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902015}, "4546595c-d19d-45d9-8f1d-e9f4af9fb7e5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-880.102022: MyCERT Alert - Scam Purportedly to Help B40 and M40 Families Targeting TNG eWallet Users", "date": "2022-10-28", "analysis": 2, "threat_level_id": 3, "timestamp": 1780040021}, "e142a39b-090a-49fd-9a38-3e2437e429df": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Croxloader\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Earth Longzhi\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"030 - Eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DCSync - T1003.006\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Domain Fronting - T1090.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Addresses - T1589.002\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#280b0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#c295b4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internal Proxy - T1090.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Print Processors - T1547.012\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"", "relationship_type": ""}, {"colour": "#92e858", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Hack the Real Box: APT41\u2019s New Subgroup Earth Longzhi", "date": "2022-11-09", "analysis": 2, "threat_level_id": 1, "timestamp": 1780040027}, "d5edc429-dafe-449e-bbed-8dd1483c34b3": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Vishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-888.112022: MyCERT Alert - Suspicious Fraudulent Telephone Calls Asking for Users NRIC Number", "date": "2022-11-16", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902019}, "29ffdf5a-f75a-4d6f-8c70-db59c02bcf19": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, 
"name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"6f48895a-3c7d-4db4-9359-52c8842b332a\"", "relationship_type": ""}], "info": "[Threat Intel] Cubaan godam: Seluruh rangkaian komunikasi ATM selamat", "date": "2023-01-13", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902020}, "0b8b636e-eefc-4ab6-8ffb-a272030fda47": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Roaming Mantis\"", "relationship_type": ""}, {"colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", 
"relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Wroba\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Roaming Mantis implements new DNS changer in its malicious mobile app in 2022", "date": "2023-01-19", "analysis": 2, "threat_level_id": 2, "timestamp": 1780040116}, "9143a75d-651b-45e6-9a12-39c6cb321397": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Lockbit3\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": 
"rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-907.012023: MyCERT Advisory - Ransomware LockBit 3.0", "date": "2023-01-20", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902022}, "25e986a7-aa5b-4cb7-bc0e-39250b30d17d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"EclecticIQ\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"HTML Smuggling - T1027.006\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"MSBuild - T1127.001\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Dark Pink APT Group Strikes Government Entities in South Asian Countries", "date": 
"2023-03-10", "analysis": 2, "threat_level_id": 1, "timestamp": 1780040125}, "95c53aa7-b231-4c24-a7de-a7a40a435f1b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] New forces in Southeast Asia: Analysis of the new APT organization Saaiwc Group's attack activities against Southeast Asian military, finance and other departments", "date": "2023-01-06", "analysis": 2, 
"threat_level_id": 1, "timestamp": 1772902023}, "d321cbcb-6d1a-4cc6-bb06-ba5e9e9437da": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Google Cloud Blog\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Spyware vendors use 0-days and n-days against popular platforms", "date": "2023-03-29", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902024}, "9b6cede7-8d6c-4aca-8e41-356e8b4f16f5": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#8675c7", 
"local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Evasive Panda\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Macau\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#bedb1f", "local": false, "name": "misp-galaxy:target-information=\"Nigeria\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#c55f42", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Library - T1560.002\"", "relationship_type": ""}, {"colour": "#8b05c0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"", "relationship_type": ""}, {"colour": "#9dc839", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": ""}, {"colour": "#0c8fe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Email Collection - T1114.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Portable Executable Injection - T1055.002\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#5c57c8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Evasive Panda APT group delivers malware via updates for popular Chinese software", "date": "2023-04-26", "analysis": 2, "threat_level_id": 1, "timestamp": 1780040141}, "c0da94a9-7372-4952-9739-2745e76ab85a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Not quite an Easter egg: a new family of Trojan subscribers on Google Play", "date": "2023-05-04", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902026}, "61853de2-8dd1-4192-b828-05018aec7e75": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#7c8061", "local": false, "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": 
"misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Development\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"NGO\"", "relationship_type": ""}, {"colour": "#17c030", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"", "relationship_type": ""}, {"colour": "#8b05c0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"MSBuild - T1127.001\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Transfer Data to Cloud Account - T1537\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#d528b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows File and Directory Permissions Modification - T1222.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1546.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", 
"relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Dark Pink. Episode 2", "date": "2023-05-31", "analysis": 2, "threat_level_id": 1, "timestamp": 1772902027}, "e8d44e49-1725-4b98-ae35-73d07bc73e54": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"030 - Eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"142 - Asia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": ""}], "info": "[Threat Intel] Chinese-speaking phishing ring behind latest fake fee scam targeting Middle East; another campaign exposed", "date": "2023-06-01", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902028}, "2c2e2c6d-e317-41c1-a232-b49d647b84d0": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}], "info": "[Threat Intel] SMS Stealer APK use \"Kahwin\" theme targeting Malaysian: Kad Kahwin Digital APK", "date": "2023-06-23", "analysis": 2, "threat_level_id": 2, "timestamp": 1772902029}, "1d2fa3f0-dd2f-4204-ad90-22bb05763e66": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": 
[{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-951.062023: MyCERT Alert - WhatsappPink Malicious Fake Update Message", "date": "2023-07-13", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902029}, "594728ee-92ad-4f92-9f47-358cce216ba9": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": 
"misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#d6740b", "local": false, "name": "misp-galaxy:target-information=\"Uganda\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Related CherryBlos and FakeTrade Android Malware Involved in Scam Campaigns", "date": "2023-07-28", "analysis": 2, "threat_level_id": 3, "timestamp": 1772902030}, "cdc792d9-86a4-4f7c-8ac2-e0ab2a37d5cd": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:threat-actor=\"Earth Lusca\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Brute Ratel C4\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FunnySwitch\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Spyder\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Winnti (Windows)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": ""}, {"colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - 
T1041\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#280b0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"reGeorg\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale", "date": "2023-08-08", "analysis": 2, "threat_level_id": 1, "timestamp": 1780382523}, "16cf1b00-dd85-4dec-a1f6-bb7bcf8603e4": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}], "info": "[Threat Intel] Spear-Phishing Stealer Targeting Malaysian: HSBC E-Mail Analysis", "date": "2023-09-25", "analysis": 2, "threat_level_id": 2, "timestamp": 1780040200}, "0ad70cee-9206-4d0d-942d-33f43175f240": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": 
"#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Moriya\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ladon\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": 
"rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#91ee5f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SManager\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Filter Network Traffic - M1037\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Limit Access to Resource Over Network - M1035\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Password Policies - M1027\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Privileged Account Management - M1026\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-course-of-action=\"Restrict Web-Based Content - M1021\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:threat-actor=\"Earth Kurma\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}], "info": "[Threat Intel] Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors", "date": "2025-04-25", "analysis": 1, "threat_level_id": 1, "timestamp": 1780040215}, "d98383af-37bf-41b2-b15e-cbaffdc5ecdf": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", 
"local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Godzilla Loader\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Godzilla Webshell\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Retail\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#f69963", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rename System Utilities - 
T1036.003\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Earth Alux\"", "relationship_type": ""}], "info": "[Threat Intel] The Espionage Toolkit: A Closer Look at its Advanced Techniques", "date": "2025-03-31", "analysis": 1, "threat_level_id": 2, "timestamp": 1780040331}, "7238406a-dac3-41b6-a63e-4671822af814": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#4985d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Autostart Execution - T1547\"", "relationship_type": ""}, {"colour": 
"#5c57c8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#c8f8ef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", 
"relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FatalRat\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": 
"#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#a3aa59", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"", "relationship_type": ""}, {"colour": "#c60dc9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1566.003\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#86298e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"", "relationship_type": ""}, {"colour": "#3a0bda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1487\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"", "relationship_type": ""}, {"colour": "#a05856", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Construction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Manufacturing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": 
"#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}], "info": "[Threat Intel] Operation SalmonSlalom", "date": "2025-02-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902035}, "2e6942b8-b695-4934-87b9-dcb18811d13c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#37f8da", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#bf6f24", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Resolution - T1568\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#c9dbdd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"", "relationship_type": ""}, {"colour": "#cc5e96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": 
"misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#c385b5", "local": false, "name": "misp-galaxy:target-information=\"Morocco\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#4929fe", "local": false, "name": "misp-galaxy:target-information=\"Iraq\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#321f24", "local": false, "name": "misp-galaxy:target-information=\"Ecuador\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": 
"#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally", "date": "2025-02-27", "analysis": 1, "threat_level_id": 3, "timestamp": 1780040376}, "10c081ae-38e5-4278-bec4-54debb50add4": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#81b347", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#a05856", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"", "relationship_type": ""}, {"colour": "#fdd85e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": 
"misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Updated Shadowpad Malware Leads to Ransomware Deployment", "date": "2025-02-20", "analysis": 1, "threat_level_id": 1, "timestamp": 1772902037}, "6ce88478-5011-443a-821c-02a5caf4fe00": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", 
"relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": ""}, {"colour": "#8eb1d9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1422.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1417.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Device Administrator Permissions - 
T1626.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}], "info": "[Threat Intel] Tria stealer targets Android users for SMS exfiltration and financial gain", "date": "2025-01-30", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902037}, "36bf37ab-79d9-45b2-901c-6c5b0292f707": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": ""}, {"colour": "#2031cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Filter DLL - T1556.002\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#90e6f2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal or Forge Kerberos Tickets - T1558\"", 
"relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#a320c3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unsecured Credentials - T1552\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#327a31", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"", "relationship_type": ""}, {"colour": "#dd4476", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Golden Ticket - T1558.001\"", "relationship_type": ""}, {"colour": "#67762a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bash History - T1552.003\"", "relationship_type": ""}, {"colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": ""}, {"colour": "#0505a8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Host Software Binary - T1554\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#f798db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1027.005\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#e2a873", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steganography - T1027.003\"", "relationship_type": ""}, {"colour": "#3f00e6", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Compile After Delivery - T1027.004\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#abbbbf", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Authentication Process - T1556\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:fa5af22e-b260-4dc4-90bd-1c8431b680c0=\"c9d7b877-21aa-4327-8eb2-973b90b259fd\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"142 - Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"150 - Europe\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#9c7ff4", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": ""}, {"colour": "#63bd05", 
"local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#e6caf2", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"poisonplug\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Scatterbrain\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Unmasking the Shadow of PoisonPlug's Obfuscator", "date": "2025-01-29", "analysis": 1, "threat_level_id": 1, "timestamp": 1772902038}, "347c0089-b4d3-4cbc-862d-3666180df28b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#bf83fd", "local": false, "name": 
"misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#56c932", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#7eb739", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Msiexec - T1218.007\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#997689", "local": false, "name": "misp-galaxy:target-information=\"Ethiopia\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"RedDelta\"", "relationship_type": ""}, {"colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": ""}, {"colour": "#3500cd", 
"local": false, "name": "rectifyq:detection-rules=\"sigma-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-malware=\"PlugX - S0013\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Unidentified 115 (Nim Loader)\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats", "date": "2025-01-09", "analysis": 1, "threat_level_id": 1, "timestamp": 1780041095}, "2d00aaa6-8c68-4ac1-8197-2c2471fe9ade": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#983d3b", "local": false, "name": "misp-galaxy:producer=\"Domaintools\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, 
{"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#77a4ec", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#0ec9f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#81b347", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ghost RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:malpedia=\"Lumma Stealer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"RedLine Stealer\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Remcos\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ValleyRAT\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Chinese Malware Delivery Websites", "date": "2025-01-13", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902042}, "751a8f48-fcb7-4f39-9ca1-6e78b550b15c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#5f06d7", "local": false, "name": "misp-galaxy:producer=\"Qualys\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": 
"rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#7adb57", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#37ffb5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:botnet=\"Mirai\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai", "date": "2025-01-22", "analysis": 1, "threat_level_id": 3, "timestamp": 1780383623}, "0d554823-c011-4abf-95ce-69d1449a2ff8": {"Orgc": {"name": "Rectifyq", "uuid": 
"cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#a0d02a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing for Information - T1598\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#915448", 
"local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"nigeria\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#14004d", "local": false, "name": "rectifyq:sub-category=\"leak-infostealer\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Inside a Malware Campaign: A Nigerian Hacker's Perspective", "date": "2025-02-14", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902044}, "a57d13dd-805c-491b-882d-753afdd6fd34": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#7bf409", "local": false, "name": "misp-galaxy:producer=\"CloudSEK\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": ""}, {"colour": "#fb3bcd", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": ""}, {"colour": "#b206a3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"", "relationship_type": ""}, {"colour": "#08221e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "relationship_type": ""}, {"colour": "#4b76ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Org Information - T1591\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#a0d02a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing for Information - T1598\"", "relationship_type": ""}, {"colour": "#6440db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#8604d0", "local": false, "name": "misp-galaxy:target-information=\"Bahrain\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, 
"name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Ramadan Scams on the Rise: Fake Giveaways, Crypto Traps & Fraudulent Donations", "date": "2025-03-13", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902045}, "28430985-18eb-444f-bc75-8d174a1150bb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Arctic Wolf\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"INDOHAXSEC TEAM\"", "relationship_type": ""}], "info": "[Threat Intel] INDOHAXSEC \u2013 Emerging Indonesian Hacking Collective", "date": "2025-03-13", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902045}, "81e3d10d-a1e9-463d-8759-a1b878401655": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#7a1ce1", "local": false, "name": "misp-galaxy:producer=\"Silent Push\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#047df6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Target - T1608.004\"", "relationship_type": ""}, {"colour": "#5c59c9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Accounts - T1586.002\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#f9132d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Accounts - T1585.002\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Addresses - T1589.002\"", "relationship_type": ""}, {"colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": ""}, {"colour": "#b206a3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"", "relationship_type": ""}, {"colour": "#c9dbdd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#6440db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1584.001\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": 
"misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Introduces New Banking Phishing Kit", "date": "2025-04-10", "analysis": 1, "threat_level_id": 3, 
"timestamp": 1772902048}, "009411a0-9eda-4385-bee0-d08e40a9d1ce": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e96364", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Adversary-in-the-Middle - T1557\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#08221e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#7628f7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": 
"#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0bbdc3", "local": false, "name": "misp-galaxy:target-information=\"New Zealand\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, 
{"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"ATM skimming\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"CNP \u2013 Card Not Present\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Account Credentials\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Payment Cards\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web", "date": "2025-04-22", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902049}, "a4935432-8884-47bf-b4ad-ffcaa16c2cff": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#ff841f", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#eb2300", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Defacement - T1491\"", "relationship_type": ""}, {"colour": "#cfba47", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#fda248", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Services - T1569\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"dragonforce\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": 
"rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists", "date": "2025-05-02", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902050}, "643a2194-c8b1-4f18-98ef-f9767b429683": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Additional Local or Domain Groups - T1098.007\"", "relationship_type": ""}, {"colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - 
T1070.001\"", "relationship_type": ""}, {"colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": ""}, {"colour": "#90e419", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"", "relationship_type": ""}, {"colour": "#fb3bcd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"", "relationship_type": ""}, {"colour": "#2da3e8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1087.001\"", "relationship_type": ""}, {"colour": "#ecc598", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1136.001\"", "relationship_type": ""}, {"colour": "#0aeb95", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Accounts - T1078.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"", "relationship_type": ""}, {"colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#d92224", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": ""}, {"colour": "#c615e8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scanning IP Blocks - T1595.001\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": "#56c932", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": ""}, {"colour": "#8c7e51", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Upload Malware - T1608.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Upload Tool - T1608.002\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-tool=\"sqlmap - S0225\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"JuicyPotato\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"STOWAWAY\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Brute Ratel C4\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Vshell\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Antivirus Web Shell Detection\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"SQL Injection Strings In URI\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Potential Recon Activity Via Nltest.EXE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sigma-rules=\"Suspicious Download Via Certutil.EXE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:sigma-rules=\"Suspicious Group And Account Reconnaissance Activity Using Net.EXE\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Custom Arsenal Developed to Target Multiple Industries", "date": "2025-05-27", "analysis": 1, "threat_level_id": 1, "timestamp": 1780383646}, "aa3e2699-bdac-4d35-bb29-14432132469b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#150050", "local": false, "name": "rectifyq:sub-category=\"report\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Akira\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"HiddenTear\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"MedusaLocker\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:ransomware=\"lokilocker\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"ralord\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-1337.062025: MyCERT Advisory - Security Best Practices in Protecting Against Ransomware Threats", "date": "2025-06-06", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902053}, "171b845f-fdc7-47f8-b3c0-2e8cd408612d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"", "relationship_type": ""}, {"colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#56c932", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#423494", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify System Firewall - T1562.004\"", "relationship_type": ""}, {"colour": "#eb2300", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Defacement - T1491\"", "relationship_type": ""}, {"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#08b028", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#732009", "local": false, "name": "misp-galaxy:target-information=\"Colombia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"bert\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": 
""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] BERT RANSOMWARE - THE RAVEN FILE", "date": "2025-06-16", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041179}, "d7a12e7c-a9b2-4d1b-98d0-f1ceb6479de8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#256f6a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"", "relationship_type": ""}, {"colour": "#efb098", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1c5aae", "local": false, "name": "misp-galaxy:target-information=\"Peru\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, 
"name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Targeted attacks leverage accounts on popular online platforms as C2 servers", "date": "2025-07-30", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902056}, "acb7fb38-d448-4087-820d-bd8c93156ccc": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#f9b12b", "local": false, "name": "misp-galaxy:producer=\"Cyfirma\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT28\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cannon\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:malpedia=\"Coreshell\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Downdelph\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GooseEgg\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Headlace\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HideDRV\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Koadic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Komplex\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"LoJax\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MASEPIE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"OCEANMAP\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"OLDBAIT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PocoDown\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Responder\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"STEELHOOK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Sedreco\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Seduploader\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SkinnyBoy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"VPNFilter\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:malpedia=\"X-Agent (ELF)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"X-Agent (Windows)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"XTunnel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Zebrocy (AutoIT)\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#7d6b1a", "local": false, "name": "misp-galaxy:target-information=\"Georgia\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Moldova\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#9f5dac", "local": false, 
"name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Syria\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"/etc/passwd and /etc/shadow - T1003.008\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Additional Email Delegate Permissions - T1098.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Access Token - T1550.001\"", "relationship_type": ""}, {"colour": "#d58a16", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"", "relationship_type": ""}, {"colour": "#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#da180c", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Bootkit - T1542.003\"", "relationship_type": ""}, {"colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1078.004\"", "relationship_type": ""}, {"colour": "#e8f5ec", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Communication Through Removable Media - T1092\"", "relationship_type": ""}, {"colour": "#91afc2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1546.015\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials - T1589.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Transfer Size Limits - T1030\"", "relationship_type": ""}, {"colour": "#a42e64", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, 
{"colour": "#45a451", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"", "relationship_type": ""}, {"colour": "#59db25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Data Exchange - T1559.002\"", "relationship_type": ""}, {"colour": "#5c59c9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Email Accounts - T1586.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"", "relationship_type": ""}, {"colour": "#6d779a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"", "relationship_type": ""}, {"colour": "#7adb57", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"", "relationship_type": ""}, {"colour": "#280b0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#44b2c2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"", "relationship_type": ""}, {"colour": "#d12299", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Junk Data - T1001.001\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Logon Script (Windows) - T1037.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Mail Protocols - T1071.003\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#738de4", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"NTDS - T1003.003\"", "relationship_type": ""}, {"colour": "#37ffb5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#1d736f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Sniffing - T1040\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Office Test - T1137.002\"", "relationship_type": ""}, {"colour": "#1ef2bb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Pass the Hash - T1550.002\"", "relationship_type": ""}, {"colour": "#b0513a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Guessing - T1110.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"", "relationship_type": ""}, {"colour": "#0ec9f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"", "relationship_type": ""}, {"colour": "#a0d02a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing for Information - T1598\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Remote Data Staging - T1074.002\"", "relationship_type": ""}, {"colour": "#23cf0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Email Collection - T1114.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"", "relationship_type": ""}, {"colour": "#91ee5f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"", "relationship_type": ""}, {"colour": "#177fb7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1218.011\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#f146c3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Sharepoint - T1213.002\"", "relationship_type": ""}, {"colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#db2044", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1598.003\"", "relationship_type": ""}, {"colour": "#08221e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "relationship_type": ""}, {"colour": "#56c932", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": ""}, {"colour": "#2cfe4e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"", "relationship_type": ""}, {"colour": "#44e07f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Token Impersonation/Theft - T1134.001\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#1acf09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#4a5d84", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Services - T1583.006\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}], 
"info": "[Threat Intel] APT PROFILE \u2013 FANCY BEAR", "date": "2024-06-26", "analysis": 0, "threat_level_id": 1, "timestamp": 1772902057}, "2c0e6dda-fc2d-459a-a095-3e79ab62e4b4": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#9dc839", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory 
- T1003.001\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#07a4a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#370063", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#4cebc3", "local": false, "name": "misp-galaxy:target-information=\"Lebanon\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, 
"name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"AsyncRAT\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Gh0st RAT-based GodRAT attacks financial organizations", "date": "2025-08-19", "analysis": 1, "threat_level_id": 3, "timestamp": 1780041214}, "e3637b01-7586-4583-ac45-5de60cd14706": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", 
"relationship_type": ""}, {"colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": ""}, {"colour": "#b206a3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"", "relationship_type": ""}, {"colour": "#c9dbdd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#6440db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"", "relationship_type": ""}, {"colour": "#251b6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"", "relationship_type": ""}, {"colour": "#cf2da1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": 
"misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#4b3e92", "local": false, "name": "misp-galaxy:target-information=\"Palestine\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"north korea\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": 
"rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms", "date": "2025-09-04", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041236}, "8391fe48-3fc0-4fe0-a550-1e63c7f2f015": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": 
false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1513\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Accessibility Features - T1453\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Device Lockout - T1629.002\"", "relationship_type": ""}, {"colour": "#932961", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1512\"", "relationship_type": ""}, {"colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": ""}, {"colour": "#9c4b3a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data in Device Logs - T1413\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1663\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", 
"relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Datzbro: RAT Hiding Behind Senior Travel Scams", "date": "2025-09-30", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902060}, "625b5d1f-8629-4a9a-9f73-f4e85089b432": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#8f20d0", "local": false, "name": "misp-galaxy:producer=\"Huntress\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#5c57c8", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - 
T1027\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ANGRYREBEL\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ghost RAT\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": 
"#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] The Crown Prince, Nezha: A New Tool Favored by China-Nexus Threat Actors", "date": "2025-10-15", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041249}, "23d3c0be-cc64-4844-b0d2-d157f0f5da5e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Fortinet\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#d82db7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"", "relationship_type": ""}, {"colour": "#fdd85e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": 
"#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Tracking Malware and Attack Expansion: A Hacker Group's Journey across Asia", "date": "2025-10-17", "analysis": 1, "threat_level_id": 3, "timestamp": 1780041265}, "2cb19adb-c8d9-4146-bc3e-fcf2490199fb": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": 
"#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#72ab92", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Bank\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Police - Law enforcement\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"eCommerce\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Account Credentials\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] The Smishing Deluge: China-Based Campaign Flooding Global Text Messages", "date": "2025-10-23", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902062}, "d08b6f26-7bc7-409b-89a8-a342ba542772": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, 
"Tag": [{"colour": "#7c6ad9", "local": false, "name": "misp-galaxy:producer=\"Cisco Talos Intelligence Group\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#e7d48a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#3a0bda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484.001\"", "relationship_type": ""}, {"colour": "#40bedd", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"", "relationship_type": ""}, {"colour": "#90e419", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#00f752", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"", "relationship_type": ""}, {"colour": "#70b0b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Transfer Data to Cloud Account - T1537\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", 
"relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#370063", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"Qilin\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Qilin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SystemBC\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"", "relationship_type": ""}, {"colour": "#d528b5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows File and Directory Permissions Modification - T1222.001\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Uncovering Qilin attack methods exposed through multiple cases", "date": "2025-10-26", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041279}, "e2b56848-b740-4d4f-b2bd-1a6687393bfa": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", 
"relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#08221e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Application Access Token - T1528\"", "relationship_type": ""}, {"colour": "#7adb57", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#e12cbc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British 
Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Smoking Gun Uncovered: RPX Relay at PolarEdge's Core Exposed", "date": "2025-10-29", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902064}, "36847759-be6f-4ac7-865d-08c43d89f73a": 
{"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"404 Keylogger\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}], "info": "[Threat Intel] MA-1400.102025: MyCERT Alert - Email with Malicious Attachment Targeting Internet Banking Users", "date": "2025-10-14", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902065}, "e5bcd8f5-7574-4104-85b2-14a915b2a121": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": 
"type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": ""}, {"colour": "#932961", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1512\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}], "info": "[Threat Intel] Smishing targeting TouchNGo E-Wallet Users", "date": "2025-11-10", "analysis": 1, "threat_level_id": 3, "timestamp": 1780041322}, "8880426c-4970-4b04-b4c3-528c8e3e1eec": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#5dfed4", "local": false, "name": "misp-galaxy:producer=\"Check 
Point\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Foreground Persistence - T1541\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Generate Fraudulent Advertising Revenue - T1472\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Hidden Google Play Adware Drains Devices and Disrupts Millions of Users", "date": "2025-11-24", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902066}, "517eafe1-ab7d-4604-833b-542ca374cd2c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#75ec20", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"AppDomainManager - T1574.014\"", "relationship_type": ""}, {"colour": "#d58a16", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": ""}, {"colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#4edbe6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1585.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compression - T1027.015\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#d12299", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"", "relationship_type": ""}, {"colour": "#5bb38b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1588.001\"", "relationship_type": ""}, {"colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"", "relationship_type": ""}, {"colour": "#705cef", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#56c932", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"", "relationship_type": ""}, {"colour": "#c8f8ef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": ""}, {"colour": "#ece0df", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}], "info": "[Threat Intel] Attempts to sniff out governmental affairs in Southeast Asia and Japan", "date": "2025-12-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041345}, "284a5040-9bea-495a-9465-2080e97f08df": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": 
false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Vishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Money Mules\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"CNP \u2013 Card Not Present\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Malware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Payment Cards\"", "relationship_type": ""}, {"colour": "#9d320e", "local": false, "name": "misp-galaxy:target-information=\"Greece\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": 
false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}, {"colour": "#5f0077", "local": false, "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware", "date": "2026-01-07", "analysis": 1, "threat_level_id": 3, "timestamp": 1779534095}, "f6e08cf8-0233-4db5-a87b-68d99ce7191e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#9dc839", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", 
"relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic API Resolution - T1027.007\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LNK Icon Smuggling - T1027.012\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Political party\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BabyLon RAT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Cyble\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}], "info": "[Threat Intel] The Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government", "date": "2024-09-04", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041379}, "5417de2b-5b2b-4472-8c78-d537058b97d0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "MA-1076.052024: MyCERT Advisory - Estate 
Ransomware", "date": "2024-05-28", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902073}, "cb8ca269-00c8-4df9-903d-3aeb20d0573a": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Bitdefender\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Unfading Sea Haze\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Brunei\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ghost RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SilentGh0st\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, 
{"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, 
{"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea", "date": "2024-05-22", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041934}, "81133e85-f177-4cef-ac06-a8a03de535bd": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"SharpPanda\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"b76558a6-755e-48ff-aa0f-2f5815f3687a\"", "relationship_type": ""}], "info": "[Threat Intel] Inside the SharpPanda's Malware Targeting Malaysia", "date": "2024-05-24", "analysis": 1, "threat_level_id": 2, "timestamp": 1780436413}, "020ceb62-7009-41fe-b22f-1ddd6806e4ea": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", 
"relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#1a0065", "local": false, "name": "rectifyq:topic=\"crypto-related\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#7bf409", "local": false, "name": "misp-galaxy:producer=\"CloudSEK\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Account Credentials\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Personally Identifiable Information (PII)\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Virtual Currency Fraud\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Cryptocurrency Exchange\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Social Media Scams\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Scam\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Cross-Border Cryptocurrency Investment Scam Leveraging Social Messaging Channels and Fake Regulatory Credentials", "date": "2026-02-02", "analysis": 1, "threat_level_id": 3, "timestamp": 1780041962}, "14c1cdc4-4306-4f92-9f44-7d6b5ea0d20e": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#50e94f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1584.003\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - 
T1190\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#370063", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1584.001\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#69061f", "local": false, "name": "misp-galaxy:target-information=\"Panama\"", "relationship_type": ""}, {"colour": "#8b035d", "local": false, "name": "misp-galaxy:target-information=\"Cyprus\"", "relationship_type": ""}, {"colour": "#74d147", "local": false, "name": "misp-galaxy:target-information=\"Czech Republic\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#9d320e", "local": false, "name": "misp-galaxy:target-information=\"Greece\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#c70b8f", "local": false, "name": "misp-galaxy:target-information=\"Portugal\"", "relationship_type": ""}, {"colour": "#199542", "local": false, "name": 
"misp-galaxy:target-information=\"Serbia\"", "relationship_type": ""}, {"colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": ""}, {"colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": ""}, {"colour": "#098efb", "local": false, "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": ""}, {"colour": "#cbf48a", "local": false, "name": "misp-galaxy:target-information=\"Papua New Guinea\"", "relationship_type": ""}, {"colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": ""}, {"colour": "#09ea0d", "local": false, "name": "misp-galaxy:target-information=\"Sri Lanka\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": ""}, {"colour": "#57ece2", "local": false, "name": "misp-galaxy:target-information=\"Djibouti\"", "relationship_type": ""}, {"colour": "#997689", "local": false, "name": "misp-galaxy:target-information=\"Ethiopia\"", 
"relationship_type": ""}, {"colour": "#453bd5", "local": false, "name": "misp-galaxy:target-information=\"Namibia\"", "relationship_type": ""}, {"colour": "#2ea969", "local": false, "name": "misp-galaxy:target-information=\"Niger\"", "relationship_type": ""}, {"colour": "#bedb1f", "local": false, "name": "misp-galaxy:target-information=\"Nigeria\"", "relationship_type": ""}, {"colour": "#5e8ca8", "local": false, "name": "misp-galaxy:target-information=\"Zambia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bolivia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Venezuela\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"4605654f-8487-4d17-bfbb-bbcc223281d5\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"", 
"relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Havoc\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Sliver\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SparkRAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Vshell\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] The Shadow Campaigns: Uncovering Global Espionage", "date": "2026-02-05", "analysis": 1, "threat_level_id": 1, "timestamp": 1780041984}, "033d1a45-804d-43ad-b916-a942ecf806fa": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": 
"rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MUSTANG PANDA\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#03bdda", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d9dfae", "local": false, "name": "misp-galaxy:target-information=\"Mongolia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1088\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account 
Control - T1548.002\"", "relationship_type": ""}, {"colour": "#8196ba", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#b24806", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns", "date": "2026-01-27", "analysis": 1, "threat_level_id": 2, "timestamp": 1780041987}, "2e091577-f7df-47ed-a59f-07e5eb07b7a7": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", 
"local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0afe32", "local": false, "name": "misp-galaxy:producer=\"Palo Alto\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"002 - Africa\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"142 - Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Political party\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT27\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MUSTANG PANDA\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CHINACHOPPER\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ghost RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HTran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "[Threat Intel] Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia", "date": "2024-05-23", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042000}, "dc2f7910-970e-4fcf-959c-3af92d852962": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Nood RAT\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ANGRYREBEL\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT27\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Calypso\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": 
"#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "[Threat Intel] Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups", "date": "2024-06-11", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902081}, "d3902c9c-0327-47f0-aab1-e65f6c602815": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Medium\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#37ffb5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": ""}, {"colour": "#efb098", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Game\"", "relationship_type": ""}], "info": "[Threat Intel] Profile: Lizard Squad", "date": "2024-06-14", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902081}, "f0dae99d-cc52-47ed-9db9-f8b09d2a05de": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"UNC3886\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"021 - Northern America\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"VIRTUALGATE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"tsh\"", "relationship_type": 
""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "[Threat Intel] Cloaked and Covert: Uncovering UNC3886 Espionage Operations", "date": "2024-06-19", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042069}, "7e4ee64e-fd50-4eae-ad50-abe0022f5401": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", 
"relationship_type": ""}, {"colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"", "relationship_type": ""}, {"colour": "#ecc598", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Local Account - T1136.001\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": ""}, {"colour": "#370063", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1021.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SQL Stored Procedures - T1505.001\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - 
T1569.002\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}], "info": "[Threat Intel] Patch or Peril: A Veeam vulnerability incident", "date": "2024-07-10", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042076}, "3e513f64-7c35-4a0b-8f70-0ccfa4dfd5ff": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Storm-2077\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Pantegana\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SparkRAT\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Embedded Payloads - T1027.009\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, 
"name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Trade\"", "relationship_type": ""}, {"colour": "#d53577", "local": false, "name": "misp-galaxy:target-information=\"Cambodia\"", "relationship_type": ""}, {"colour": "#63db91", "local": false, "name": "misp-galaxy:target-information=\"Cuba\"", "relationship_type": ""}, {"colour": "#57ece2", "local": false, "name": "misp-galaxy:target-information=\"Djibouti\"", "relationship_type": ""}, {"colour": "#08ee7c", "local": false, "name": "misp-galaxy:target-information=\"Dominican Republic\"", "relationship_type": ""}, {"colour": "#fabbd6", "local": false, "name": "misp-galaxy:target-information=\"Fiji\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": 
"misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}], "info": "[Threat Intel] TAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies", "date": "2024-07-16", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042125}, "d8d6a787-7d6f-4e04-be03-a2c7e015cebe": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": 
"rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CraxsRAT\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Malware\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1660\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Abuse Accessibility Features - T1453\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1417.001\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1513\"", "relationship_type": ""}], "info": "[Threat Intel] Beware CraxsRAT: Android Remote Access malware strikes in Malaysia", "date": "2024-07-31", "analysis": 1, "threat_level_id": 1, "timestamp": 1772902084}, "ff1caf0f-773f-4797-865c-4ea44e46cab8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": 
false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"ransomhub\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Accounts - T1078.002\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Lateral Tool Transfer - T1570\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": 
"misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}], "info": "[Threat Intel] RansomHub ransomware-as-a-service", "date": "2024-08-28", "analysis": 1, "threat_level_id": 2, "timestamp": 1772902085}, "d1312ce7-09b1-428d-9ff1-856680e57a98": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Lazarus Group\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Trellix\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BLINDTOAD\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BOOTWRECK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:malpedia=\"Bitsran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Brambul\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CHEESETRAY\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CLEANTOAD\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Contopee\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DYEPACK\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DarkComet\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"HOTWAX\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Hermes\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NACHOCHEESE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"NESTEGG\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"QUICKCAFE\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"REDSHAWL\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Ratankba\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"RatankbaPOS\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"WORMHOLE\"", "relationship_type": ""}, {"colour": "#b32a63", "local": false, "name": "misp-galaxy:target-information=\"Bangladesh\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": 
"misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"north korea\"", "relationship_type": ""}], "info": "[Threat Intel] APT 38: Un-usual Suspects", "date": "2015-12-04", "analysis": 1, "threat_level_id": 1, "timestamp": 1780042166}, "592acc60-42a9-42e2-ad37-c100dca752e9": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Microsoft\"", "relationship_type": ""}, {"colour": "#0088cc", 
"local": false, "name": "misp-galaxy:threat-actor=\"PLATINUM\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Academia - University\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Diplomacy\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"IT - ISP\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"REDSALT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}], "info": "[Threat Intel] PLATINUM Targeted attacks in South and Southeast Asia", "date": "2016-04-29", "analysis": 0, "threat_level_id": 1, "timestamp": 1780042178}, "db240f3d-7cc8-4a58-9b99-69e778ab7a5d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, 
"Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#b2a633", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#2d0c2f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable Windows Event Logging - T1562.002\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#40bedd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Clear Windows Event Logs - T1070.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Permissions Modification - T1222\"", "relationship_type": 
""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"", "relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#36d931", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": ""}, {"colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": ""}, {"colour": "#297c25", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:ransomware=\"lockbit5\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Ransomware\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SmokeLoader\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": 
"misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bolivia\"", "relationship_type": ""}, {"colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": ""}, {"colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": ""}, {"colour": "#74d147", "local": false, "name": "misp-galaxy:target-information=\"Czech Republic\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#a3567e", "local": false, "name": "misp-galaxy:target-information=\"Estonia\"", "relationship_type": ""}, {"colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": ""}, {"colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#4e41fc", "local": false, "name": "misp-galaxy:target-information=\"Ireland\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": ""}, {"colour": "#f439e5", "local": 
false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": ""}, {"colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#670080", "local": false, "name": "ms-caro-malware:malware-platform=\"Linux\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] LockBit strikes with new 5.0 version, targeting Windows, Linux and ESXI systems", "date": "2026-02-12", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042183}, "902d955b-e5f7-4bca-948e-857e6ab0017c": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": 
"#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": ""}, {"colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#5bb38b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1588.001\"", "relationship_type": ""}, {"colour": "#9e0269", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"", "relationship_type": ""}, {"colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": ""}, {"colour": "#1acf09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"", "relationship_type": ""}, {"colour": "#6fe7f4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Tool - T1588.002\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", 
"relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#a42e64", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": ""}, {"colour": "#4929fe", "local": false, "name": "misp-galaxy:target-information=\"Iraq\"", "relationship_type": ""}, {"colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": ""}, {"colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#13bb3c", "local": false, "name": "misp-galaxy:target-information=\"Oman\"", "relationship_type": ""}, {"colour": "#19d775", "local": false, "name": "misp-galaxy:target-information=\"Turkmenistan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", 
"relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Chronology of MuddyWater APT Attacks Targeting the Middle East", "date": "2026-02-23", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042189}, "2e319e49-6c2f-442b-ba50-ae7d2e43ddb4": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#5dfed4", "local": false, "name": "misp-galaxy:producer=\"Check Point\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#8ee8d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"", "relationship_type": ""}, {"colour": "#e7d48a", 
"local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"", "relationship_type": ""}, {"colour": "#bb2745", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"", "relationship_type": ""}, {"colour": "#110e53", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"", "relationship_type": ""}, {"colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#aad818", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SSH - T1021.004\"", "relationship_type": ""}, {"colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": ""}, {"colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#9f6bd9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#1b0fe1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"", "relationship_type": ""}, {"colour": "#dac154", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"", "relationship_type": ""}, {"colour": "#62f4c1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", 
"relationship_type": ""}, {"colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": ""}, {"colour": "#57997c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"", "relationship_type": ""}, {"colour": "#4494e4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Protocol or Service Impersonation - T1001.003\"", "relationship_type": ""}, {"colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": ""}, {"colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"035 - South-eastern Asia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT41\"", "relationship_type": ""}, {"colour": "#4cea11", "local": false, "name": "misp-galaxy:target-information=\"Italy\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#809a25", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": ""}, {"colour": "#15cd0b", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": 
"rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"4a9eade3-5de4-4a80-9c7a-ba3a7566e130\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Silver Dragon Targets Organizations in Southeast Asia and Europe", "date": "2026-03-03", "analysis": 1, "threat_level_id": 2, "timestamp": 1779538617}, "0b6037c8-d75d-4ba2-a378-7e0a2757a051": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", 
"local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Access Removal - T1531\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"", "relationship_type": ""}, {"colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Factor Authentication Interception - T1111\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#db2044", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1598.003\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": 
"rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Analysis of the \u201cKongsi Rezeki\u201d on Threads social media QR-phishing campaign", "date": "2026-02-28", "analysis": 1, "threat_level_id": 3, "timestamp": 1772902089}, "327326e7-354a-45ba-b25e-363984f01010": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": 
""}, {"colour": "#b03f2c", "local": false, "name": "misp-galaxy:target-information=\"Myanmar\"", "relationship_type": ""}, {"colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": ""}, {"colour": "#09ea0d", "local": false, "name": "misp-galaxy:target-information=\"Sri Lanka\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"iox\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Vshell\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Nood RAT\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Godzilla Webshell\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"MimiKatz\"", "relationship_type": 
""}, {"colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": ""}, {"colour": "#f8140a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DCSync - T1003.006\"", "relationship_type": ""}, {"colour": "#e1e63b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domain Account - T1087.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"", "relationship_type": ""}, {"colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": ""}, {"colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": ""}, {"colour": "#1ef2bb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Pass the Hash - T1550.002\"", "relationship_type": ""}, {"colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Protocol Tunneling - T1572\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#23cf0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Email Collection - T1114.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": 
false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"", "relationship_type": ""}, {"colour": "#0bacad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Rename Legitimate Utilities - T1036.003\"", "relationship_type": ""}, {"colour": "#041edc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"", "relationship_type": ""}, {"colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"", "relationship_type": ""}, {"colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"self-curated\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia", "date": "2026-04-30", "analysis": 1, "threat_level_id": 2, "timestamp": 1780386326}, "5109a940-ef8e-4cf9-a5c8-fdfc684aa6ae": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": 
"rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": ""}, {"colour": "#2afb09", "local": false, "name": "misp-galaxy:target-information=\"Argentina\"", "relationship_type": ""}, {"colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": ""}, {"colour": "#a7b0e0", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": ""}, {"colour": "#4bec12", "local": false, "name": "misp-galaxy:target-information=\"Chile\"", "relationship_type": ""}, {"colour": "#9f8eb4", "local": false, "name": "misp-galaxy:target-information=\"Costa Rica\"", "relationship_type": ""}, {"colour": "#e459c3", "local": false, "name": "misp-galaxy:target-information=\"Hong Kong\"", "relationship_type": ""}, {"colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": ""}, {"colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": ""}, {"colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#d52b43", "local": false, "name": 
"misp-galaxy:target-information=\"Mexico\"", "relationship_type": ""}, {"colour": "#fa487c", "local": false, "name": "misp-galaxy:target-information=\"Philippines\"", "relationship_type": ""}, {"colour": "#7dbb86", "local": false, "name": "misp-galaxy:target-information=\"Singapore\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#1b8479", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Logistic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, 
{"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Phoenix Rising: Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns", "date": "2026-04-29", "analysis": 0, "threat_level_id": 3, "timestamp": 1780283638}, "9c16b2b8-dd25-4533-958e-97d8d1c92cca": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120044", "local": false, "name": "rectifyq:sub-category=\"intrusion-analysis\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Distraction\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Scam\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:financial-fraud=\"Merchant Fraud\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Personally Identifiable Information (PII)\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"venezuela\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"australia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"01031d3f-c9c9-4288-bb58-234c38e4246e\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Financial Theft - T1657\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#5884a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#b07a0b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Search Open Websites/Domains - T1593\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - 
T1566.002\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] GhostCargo, a 5-years campaign", "date": "2026-04-21", "analysis": 1, "threat_level_id": 2, "timestamp": 1780283625}, "c4af9327-6041-4a3b-99f2-33c7af75c9ad": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": ""}, {"colour": "#72ee33", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "relationship_type": ""}, {"colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": ""}, {"colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": 
"#3909cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"", "relationship_type": ""}, {"colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": ""}, {"colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#e7d11f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Private Keys - T1552.004\"", "relationship_type": ""}, {"colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": ""}, {"colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": ""}, {"colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#7628f7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"", "relationship_type": ""}, {"colour": "#08b028", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"", "relationship_type": ""}, {"colour": "#15723e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Launch Agent - T1543.001\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", 
"relationship_type": ""}, {"colour": "#44b2c2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1564.001\"", "relationship_type": ""}, {"colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": ""}, {"colour": "#2613b0", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#1a0065", "local": false, "name": "rectifyq:topic=\"crypto-related\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#680082", "local": false, "name": "ms-caro-malware:malware-platform=\"MacOS\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat 
Intel] A new Mac stealer targeting $10K+ crypto wallets", "date": "2026-04-08", "analysis": 1, "threat_level_id": 3, "timestamp": 1780219992}, "c99cb7b0-3736-4cab-b7b5-3b1b4d769179": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] How Scammers Stole Telegram Accounts During Ramadhan 2026", "date": "2026-03-12", "analysis": 1, "threat_level_id": 3, "timestamp": 1780042314}, "bf98b299-b634-41c8-8591-fc1a1da63824": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, 
"Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#4000f5", "local": false, "name": "rectifyq:action-taken=\"report-to-hosting-provider\"", "relationship_type": ""}, {"colour": "#4200ff", "local": false, "name": "rectifyq:action-taken=\"report-google-safe-browsing\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Phishing Alert: Think Before You Scan!", "date": "2026-03-15", "analysis": 1, "threat_level_id": 3, "timestamp": 1780042317}, "acf129a1-cdf0-4e12-89dd-7e94b1fa5c81": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", 
"relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] PHISH HUNT MY: Hunting a Touch \u2019n Go \u201cDuit Raya\u201d Phishing Campaign Targeting Malaysians", "date": "2026-03-15", "analysis": 1, "threat_level_id": 3, "timestamp": 1774219653}, "a0e17fad-45e1-4ab2-9704-ffed51520720": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Web Portal Capture - T1056.003\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] QRaya: A Quishing Campaign Targeting TNG eWallet Users During Ramadhan 2026", "date": "2026-03-15", "analysis": 1, "threat_level_id": 3, "timestamp": 1774219650}, "2e75d0d3-61e8-431e-8aaa-b047eaa87b52": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, 
{"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": ""}, {"colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": ""}, {"colour": "#adf1b0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Phishing Campaign Analysis: \u201cLaptop Percuma / Bantuan E-Wallet\u201d Scam", "date": "2026-03-14", "analysis": 1, 
"threat_level_id": 3, "timestamp": 1780042329}, "16aad763-2989-4fd3-b6cd-8ceb09e2ef6b": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] TNG eWallet Quishing Campaign", "date": "2026-03-13", "analysis": 1, "threat_level_id": 3, "timestamp": 1780042353}, "4f13ed69-7e1b-42f7-b8a4-8a47116ab229": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": 
"misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Bantuan Laptop eMadani Phishing Analysis", "date": "2026-03-11", "analysis": 1, "threat_level_id": 3, "timestamp": 1774048981}, "0bb9238e-aab6-461a-94e5-7cf68f16649d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", 
"relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Full analysis - BANTUAN TUNAI 2025", "date": "2026-03-14", "analysis": 1, "threat_level_id": 3, "timestamp": 1774048956}, "5655b3a1-9dac-4fe3-9da0-4f637ca9206d": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"azerbaijan\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": 
false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Touch \u2018n Go / Malaysia Madani Scam QR Phishing analysis!", "date": "2026-03-10", "analysis": 1, "threat_level_id": 3, "timestamp": 1774048953}, "12ec4fe2-55a7-4cd4-b7d4-f3acf5d223e0": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"israel\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": 
"rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": ""}, {"colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT35\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT42\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cyber Av3ngers\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Fox Kitten\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": ""}, {"colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": ""}], "info": "[Threat Intel] Iran \u2014 US/Israel Conflict, how is it impacted Malaysia Organisation?", "date": "2026-03-18", "analysis": 1, "threat_level_id": 2, "timestamp": 1780042396}, "3414f3d9-78e7-4c88-898e-7f39db6f7b68": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": "#4200ff", "local": false, "name": "rectifyq:action-taken=\"report-google-safe-browsing\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": 
"rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] Phishing Page Semakan Tunai Rahmah", "date": "2026-03-09", "analysis": 1, "threat_level_id": 3, "timestamp": 1774011059}, "d5db54fc-c17c-41dd-bf0e-051090d68e97": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": ""}, {"colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impersonation - T1656\"", "relationship_type": ""}, {"colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#a0d02a", "local": false, "name": 
"misp-galaxy:mitre-attack-pattern=\"Phishing for Information - T1598\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel][PhishHuntMY] How a Fake eWallet Aid Page Steals Your Telegram Account", "date": "2026-03-07", "analysis": 1, "threat_level_id": 3, "timestamp": 1779539086}, "a30d2c51-b056-4b55-ad4d-971722af82d8": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#120046", "local": false, "name": "rectifyq:sub-category=\"infra-profile\"", "relationship_type": ""}, {"colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": ""}, {"colour": 
"#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"", "relationship_type": ""}, {"colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"8206e5d7-9189-4d8b-855d-339fa45e9c47\"", "relationship_type": ""}, {"colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": ""}, {"colour": "#e95bc8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"", "relationship_type": ""}, {"colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"NTDS - T1003.003\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Security Account Manager - T1003.002\"", "relationship_type": ""}, {"colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows 
Remote Management - T1021.006\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3a00dd", "local": false, "name": "rectifyq:action-taken=\"diamond-model\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}], "info": "[Threat Intel] Custom Attack Tooling Including Undisclosed C2 Infrastructure Targeting Malaysian Organizations", "date": "2026-05-15", "analysis": 1, "threat_level_id": 2, "timestamp": 1780284361}, "e30b1a07-b830-46e2-bf69-e67eee29d4af": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#717bc3", "local": false, "name": "misp-galaxy:producer=\"Trend Micro\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#48df7e", "local": false, "name": "misp-galaxy:target-information=\"Netherlands\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": 
"misp-galaxy:sector=\"Education\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electronic\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Food\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": ""}, {"colour": "#680082", "local": false, "name": "ms-caro-malware:malware-platform=\"MacOS\"", "relationship_type": ""}, {"colour": "#7f009f", "local": false, "name": "ms-caro-malware:malware-platform=\"WinNT\"", "relationship_type": ""}, {"colour": "#accfc1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Component Object Model - T1559.001\"", "relationship_type": ""}, {"colour": "#d4fd6f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Impair Defenses - T1562\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malvertising - T1583.008\"", "relationship_type": ""}, {"colour": "#30f613", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"", "relationship_type": ""}, {"colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": ""}, {"colour": "#755c09", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"", "relationship_type": ""}, {"colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, {"colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": ""}, {"colour": "#130049", 
"local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise", "date": "2026-05-05", "analysis": 1, "threat_level_id": 3, "timestamp": 1780368452}, "441a0a60-4abf-4afc-8318-eee24dbf5b68": {"Orgc": {"name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"}, "Tag": [{"colour": "#8f3c0c", "local": false, "name": "misp-galaxy:target-information=\"Croatia\"", "relationship_type": ""}, {"colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": ""}, {"colour": "#9f5dac", "local": false, "name": "misp-galaxy:target-information=\"Romania\"", "relationship_type": ""}, {"colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": ""}, {"colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": ""}, {"colour": "#004646", 
"local": false, "name": "type:OSINT", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Zimperium\"", "relationship_type": ""}, {"colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": ""}, {"colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1646\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Generate Traffic from Victim - T1643\"", "relationship_type": ""}, {"colour": "#64af28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1417\"", "relationship_type": ""}, {"colour": "#e1e5b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1603\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Suppress Application Icon - T1628.001\"", "relationship_type": ""}, {"colour": "#bbb53d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": ""}, {"colour": "#b418fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"", "relationship_type": ""}, {"colour": "#5f0077", "local": false, "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": ""}, {"colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": ""}, 
{"colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": ""}, {"colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": ""}, {"colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": ""}, {"colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": ""}, {"colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": ""}, {"colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": ""}, {"colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": ""}, {"colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": ""}, {"colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": ""}, {"colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": ""}, {"colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": ""}], "info": "[Threat Intel] Premium Deception: Uncovering a Global Android Carrier Billing Fraud Campaign", "date": "2026-05-20", "analysis": 1, "threat_level_id": 3, "timestamp": 1780284447}}