{
  "Event": {
    "analysis": "1",
    "date": "2026-04-29",
    "extends_uuid": "",
    "info": "[Threat Intel] Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware",
    "protected": false,
    "publish_timestamp": "1779545910",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779545909",
    "uuid": "048da7d1-03a9-452a-8268-f91373d78f71",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#52774b",
        "local": false,
        "name": "misp-galaxy:producer=\"Wiz Blog\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5c57c8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9bb6d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#f95f85",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#d596aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#37c019",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1078.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b4369",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Container API - T1552.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Shai-Hulud\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546820",
        "to_ids": false,
        "type": "link",
        "uuid": "2d8e201f-120c-477e-8aa7-b5e4ce5186c8",
        "value": "https://www.wiz.io/blog/mini-shai-hulud-supply-chain-sap-npm"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546820",
        "to_ids": false,
        "type": "text",
        "uuid": "0432aea1-a0af-4c8f-b698-9b7bd4670a18",
        "value": "A supply chain operation dubbed 'Mini Shai Hulud' compromised SAP-related npm packages by injecting malicious preinstall scripts that execute during installation. The campaign leverages multi-stage payloads to harvest developer and CI/CD secrets from GitHub, npm, and major cloud providers, exfiltrating data via attacker-controlled GitHub repositories. Malicious versions of legitimate SAP ecosystem packages execute obfuscated payloads that collect GitHub tokens, npm credentials, cloud secrets from AWS, Azure and GCP, Kubernetes tokens, and GitHub Actions secrets. The malware includes propagation logic to infect additional repositories and features browser credential theft capabilities. It performs language checks to avoid Russian-speaking systems. Attribution points to TeamPCP based on shared RSA public keys and overlapping techniques from previous operations."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546820",
        "to_ids": false,
        "type": "text",
        "uuid": "7c9b8e07-7ceb-4d44-95e2-b31a0429781a",
        "value": "Name: Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware\nAuthor: AlienVault\nAdversary: TeamPCP\nTags: [\"ci/cd compromise\", \"mini shai hulud\", \"supply chain attack\", \"github exfiltration\", \"sap ecosystem\", \"credential theft\", \"npm packages\"]\nTgtd countries: []\nMlwr families: [\"Mini Shai Hulud\"]\nAttack_ids: [\"T1132.001\", \"T1059.007\", \"T1204.002\", \"T1543.003\", \"T1082\", \"T1106\", \"T1555\", \"T1555.003\", \"T1083\", \"T1552.001\", \"T1027\", \"T1195.002\", \"T1567.002\", \"T1071.001\", \"T1105\", \"T1078.004\", \"T1552.007\"]\nIndustries: [\"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546820",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "af3b63c2-2eea-4fd7-9e35-47025a9f1fe8",
        "value": "TeamPCP"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545895",
        "to_ids": true,
        "type": "md5",
        "uuid": "5a8cbdf2-7c1a-4739-aaff-6dcc64c8ec76",
        "value": "04d8a99447b16f6839fff3b978f88d7e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545896",
        "to_ids": true,
        "type": "md5",
        "uuid": "ada47279-95b5-403e-83a0-3f77b17758ef",
        "value": "8cd683f78735c9bfc32600c73d3d9abe",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545898",
        "to_ids": true,
        "type": "md5",
        "uuid": "2a9c8492-39e0-463a-b1cd-c8f3d8c01803",
        "value": "e32eaf0c3cde9616831a1e92d42b0058",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545900",
        "to_ids": true,
        "type": "sha1",
        "uuid": "879c5b17-bc7e-4984-b80b-85ca650e321e",
        "value": "0af7415d65753f6aede8c9c0f39be478666b9c12",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545902",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c82d5372-5895-4ddb-b16d-aa4f98ce1d6d",
        "value": "7b6a28e92149637e5d7c7f4a2d3e54acd507c929",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545904",
        "to_ids": true,
        "type": "sha1",
        "uuid": "91f423d8-c4d1-42eb-8a99-f601c43db6b1",
        "value": "e80824a19f48d778a746571bb15279b5679fd61c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545906",
        "to_ids": true,
        "type": "sha256",
        "uuid": "637695d7-1753-4b56-9964-1c2f3e706516",
        "value": "1d9e4ece8e13c8eaf94cb858470d1bd8f81bb58f62583552303774fa1579edee",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545907",
        "to_ids": true,
        "type": "sha256",
        "uuid": "16c37111-87a7-47e6-a1d7-a8e5dd950fac",
        "value": "86282ebcd3bebf50f087f2c6b00c62caa667cdcb53558033d85acd39e3d88b41",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 03/05/2026 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779545909",
        "to_ids": true,
        "type": "sha256",
        "uuid": "957de375-7dc2-4cae-bc97-06004f8d50f2",
        "value": "a1da198bb4e883d077a0e13351bf2c3acdea10497152292e873d79d4f7420211",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545876",
        "uuid": "d20646dd-d348-4dbe-ba67-57ec9dc655cf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545876",
            "to_ids": true,
            "type": "md5",
            "uuid": "2f22f8ee-1053-415e-a7c1-4407cb79ae2e",
            "value": "00ca0c04d247ef09f2b2acc452029345",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545876",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e39c54fd-3687-485e-9047-85ed8381c419",
            "value": "ff7ed7a0fa1c43eed01809d076feedbaed464fc7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545876",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4606d714-96a0-4256-8985-e2a54a369a15",
            "value": "14eb4ce01dd4307759887ff819359b70d7d9ff709ecde039a5abc1aac325b128",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765230",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "da2c37a1-0b0d-468e-9656-b31d035a5439",
            "value": "3:VVWHfFwFUAR/rR/EdC/6LcpvNFFnKVWHfFh/Tc8fkEENT/FF8KIIENfBK2KHyLyO:V8eO6/rKLB8UUE6EEftLyTbLK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765230",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "223b6afa-2044-4fc9-9819-68d590db055e",
            "value": "221"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765230",
            "to_ids": true,
            "type": "filename",
            "uuid": "88f3a885-e664-4001-bc68-98eca203aeea",
            "value": "settings.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765230",
            "to_ids": false,
            "type": "text",
            "uuid": "2c19895d-926d-4638-bab5-dd880b695ac7",
            "value": "Type Description: JSON\nMicrosoft: None\nVT Total Detection:0/61\nFirst Submission:2026-04-29T18:05:57.000000+00:00\nLast Submission:2026-04-29T18:05:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545879",
        "uuid": "7c460885-bd83-4aaa-bd8a-1c058c6a0e4b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545878",
            "to_ids": true,
            "type": "md5",
            "uuid": "351d9587-cc18-49a7-8cb4-a1b35acff26f",
            "value": "35baf8316645372eea40b91d48acb067",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545878",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8c65a871-f6a9-4b8b-bdcf-2386ad5e7922",
            "value": "307d0fa7407d40e67d14e9d5a4c61ac5b4f20431",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545879",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db000648-25a5-4ddd-939e-ea4945534d96",
            "value": "4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765273",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a3d49993-5d9d-4199-86c0-f612a6ed7dc5",
            "value": "96:/X/qVk2WMQuvineUEUcqARaTuEr1x7TtURs5T0SZIO5j/ByUFLPf3:nlWvUEUru+r1x7TtURsJ9T7L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765273",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fcc0f4eb-ecaa-4607-8a8f-d19ff1ae8473",
            "value": "4549"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765273",
            "to_ids": true,
            "type": "filename",
            "uuid": "c2a7db06-09b9-4be1-b675-f81c14c6fdf7",
            "value": "setup.mjs"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  01/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765273",
            "to_ids": false,
            "type": "text",
            "uuid": "e16817ee-a8e2-484c-9f6e-f71cb1824656",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/ShaiWorm.DS!MTB\nVT Total Detection:8/62\nFirst Submission:2026-04-29T17:59:22.000000+00:00\nLast Submission:2026-04-29T17:59:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545882",
        "uuid": "7363b506-74af-44b5-86d7-5ab6b2439618",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545881",
            "to_ids": true,
            "type": "md5",
            "uuid": "a0a8d562-381d-427c-a402-5443abb34b78",
            "value": "45dc9c02f82b4370ca92785282d43a86",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545881",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cba2d7c7-f11e-4511-a7cb-b753e1aebba0",
            "value": "6bc859aaee1f8885eec2a3016226e877e5adba08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545882",
            "to_ids": true,
            "type": "sha256",
            "uuid": "af66f4c2-a405-45a5-a8a6-8c3549190009",
            "value": "80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765295",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "07281760-29aa-49da-a71a-c9ead937cb9c",
            "value": "49152:rqGWE3AknAgZf2q9PpoGcr3r9BKwmZ6CdJbrAaLcYUr3yx7LfDhLynLcqL8Cw1/a:VOPIxoIQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765295",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "acdb65aa-1089-46c9-b9e6-275e3c623ef9",
            "value": "11678349"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765295",
            "to_ids": true,
            "type": "vhash",
            "uuid": "25c70f43-7c82-41d9-8c4f-e421a8d69f29",
            "value": "bd6867564df924de1feb5b91bdc5a6e9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765295",
            "to_ids": true,
            "type": "filename",
            "uuid": "f06bd122-3a21-4c90-b856-c3b6acce3719",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  03/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765295",
            "to_ids": false,
            "type": "text",
            "uuid": "5836fcdd-6fe6-4cf2-a922-ce0b0580ac63",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/ShaiWorm.DQ!MTB\nVT Total Detection:21/60\nFirst Submission:2026-04-29T11:57:55.000000+00:00\nLast Submission:2026-04-29T12:39:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545885",
        "uuid": "1237d524-191a-4b13-ad46-138e742e7752",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545884",
            "to_ids": true,
            "type": "md5",
            "uuid": "9d97c758-e33c-4e5c-af51-19b16e047b64",
            "value": "6fb87d243b011b5445f379f80e1a6b4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545885",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55eebdca-fdb5-41d3-b716-d4e62f3c1273",
            "value": "bc95cc5dda788295aa0c9456791520599ef99526",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545885",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b33bc138-8c4f-467f-9bee-fc96da5184cc",
            "value": "6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765316",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bf4b61cf-8fc2-4b52-87af-74898d0e3c20",
            "value": "49152:tPuoNTbvI3eIJoZLZbvoDd2WQaqPvGgUILqx/mQHxcj1D4ZKLqWIP71VrZcezi8K:YPoH3ec"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765316",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ee4ad72a-110a-4484-8dd9-0e3cea71a122",
            "value": "11729871"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765316",
            "to_ids": true,
            "type": "vhash",
            "uuid": "616c72df-77c9-47e8-b707-3c69a83d5feb",
            "value": "a89c16d574a0ed404bb69484c9742a42"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765316",
            "to_ids": true,
            "type": "filename",
            "uuid": "399ea754-d1ed-4c90-8bcf-c110fa1ce790",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  03/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765317",
            "to_ids": false,
            "type": "text",
            "uuid": "5ab3689a-724e-4daf-bd90-0759a91709d7",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/SPchnStlr.BB\nVT Total Detection:17/62\nFirst Submission:2026-04-29T17:59:05.000000+00:00\nLast Submission:2026-04-29T18:05:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545888",
        "uuid": "a0fb6786-156d-4b43-aad5-0b76c179759a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545887",
            "to_ids": true,
            "type": "md5",
            "uuid": "3e9417e0-fdc3-42cd-8a2d-79b0c9174d14",
            "value": "b523a69b27064d1715d1f0aaffcfae63",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545887",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fdae201f-1517-4f8f-b631-f78062a02c79",
            "value": "ca4a5bb85778ffcd2153ace88fe2d882c8ceeb23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545888",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2851b3f5-8142-4f20-b755-8313c9fe095f",
            "value": "eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765359",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8be56657-0872-4246-b776-4017065ce355",
            "value": "49152:AZjYI+b4OtI2nAB66W2Bo/MM/+qtzRqaizbUJZPznLhyUm0GlNIwNM27xDka1Fm7:li8tV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765359",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6cff4f77-8095-451e-b54a-bc1ee13ba1a2",
            "value": "11723748"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765359",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4117cdab-0808-42dd-baac-f7f4535269b5",
            "value": "a89c16d574a0ed404bb69484c9742a42"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765359",
            "to_ids": true,
            "type": "filename",
            "uuid": "88afddad-eed3-4a9a-8c57-b5b011fb2f15",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  03/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765359",
            "to_ids": false,
            "type": "text",
            "uuid": "c9575403-8f9a-4d3b-af95-2076ed674101",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/SPchnStlr.BB\nVT Total Detection:19/60\nFirst Submission:2026-04-29T18:06:30.000000+00:00\nLast Submission:2026-04-29T18:06:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545890",
        "uuid": "c06c64ea-2917-481f-88f5-2fafed51e51d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545890",
            "to_ids": true,
            "type": "md5",
            "uuid": "4dd82179-3488-4b00-a2d1-5da9128ff3c1",
            "value": "d468f16eafccbc54a994f3d675ace8ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545890",
            "to_ids": true,
            "type": "sha1",
            "uuid": "afec078a-ba6a-4935-bd86-8f5e70015787",
            "value": "4b04304f6d51392e3f43856c94ca95800518a694",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545890",
            "to_ids": true,
            "type": "sha256",
            "uuid": "14ee2ca7-a3bd-4dce-bd22-b57f14f9337b",
            "value": "258257560fe2f1c2cc3924eae40718c829085b52ae3436b4e46d2565f6996271",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765381",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fbbe837a-25c7-4bdb-a6c8-b6e5ad1503e4",
            "value": "49152:G2bOyO8ispJYVJNWWCZPxIFTkt4pdD9QXM/0flmO+CiBA73FIs1Y22hNM5:Gej7KVuWCZPaRpn8lpSBYIsehN2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765381",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "19b5533e-71dd-41ce-bdb2-b14d6d11bf75",
            "value": "3490641"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765381",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f0e9b657-a608-414b-b044-7c58ca2a6b80",
            "value": "4d460952ba3b1980e5225cb2f8895721"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765381",
            "to_ids": true,
            "type": "filename",
            "uuid": "926307e8-ed7d-4b8d-8435-e24838f746c0",
            "value": "db-service-2.10.1.tgz"
          },
          {
            "category": "Other",
            "comment": "Checked: 03/05/2026\nLast-scan\t:  30/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765381",
            "to_ids": false,
            "type": "text",
            "uuid": "bd0490b6-502c-4f20-a644-5bd67e335b29",
            "value": "Type Description: GZIP\nMicrosoft: None\nVT Total Detection:7/62\nFirst Submission:2026-04-30T09:03:27.000000+00:00\nLast Submission:2026-04-30T09:03:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545893",
        "uuid": "7b9218cd-98f3-4acf-8194-499c1becc96c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545892",
            "to_ids": true,
            "type": "md5",
            "uuid": "4ed04fcb-eb2f-447a-bd72-22110231f5d8",
            "value": "dbb9b09957113463bbeb420c2c4108b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545893",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8e59f305-7b9e-49b4-9e79-4fe264ab2747",
            "value": "7b0278216ac31ec18eca9eb8bc1c1261a1b26f6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545893",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4d98babd-2551-4af5-bf7a-41f84ed448a7",
            "value": "927387d0cfac1118df4b383decc2ea6ba49c9d2f98b47098bcbcba1efc026e1f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765403",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "52ca9ca0-e564-45a8-b1a9-d8c401d3c0fc",
            "value": "3:lS1HHTFF+4/jEIIT2eBypd/FFzc8f06Jpv//FkKIIENKKUvHRALyuF1SKi/m/Fln:lS1yPCiugquEEI1vSLy77Wyony8v"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765403",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0ae1ec8d-7a4c-4078-85d0-3af37c3994d7",
            "value": "217"
          },
          {
            "category": "Payload delivery",
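            "comment": "Generic filename, not distinctive on its own; match it only together with the sha256 or ssdeep value in this object.",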
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765403",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8fd241c-2fda-4cfc-af06-a81c8462abd4",
            "value": "tasks.json"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-03\nLast-scan: 2026-04-30",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765403",
            "to_ids": false,
            "type": "text",
            "uuid": "a755fe87-1f64-4001-904a-8328d56f1936",
            "value": "Type Description: JSON\nMicrosoft: None\nVT Total Detection: 0/61\nFirst Submission: 2026-04-29T18:06:13.000000+00:00\nLast Submission: 2026-04-29T18:06:13.000000+00:00"
          }
        ]
      }
    ]
  }
}