{
  "Event": {
    "analysis": "1",
    "date": "2026-04-29",
    "extends_uuid": "",
    "info": "[Threat Intel] Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers",
    "protected": false,
    "publish_timestamp": "1779546995",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1779546995",
    "uuid": "05b20c75-5ab1-49a2-9982-73d1a399edd9",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#790faf",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Direct Network Flood - T1498.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#b2a633",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
        "relationship_type": ""
      },
      {
        "colour": "#8f36b9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Reflection Amplification - T1498.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#423494",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify System Firewall - T1562.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#4a87cb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Image - T1204.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a0cbec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1543.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497228",
        "to_ids": false,
        "type": "link",
        "uuid": "1bff1cda-72bc-40b8-89b1-592d44f7d98c",
        "value": "https://www.darktrace.com/blog/darktrace-malware-analysis-jenkins-honeypot-reveals-emerging-botnet-targeting-online-games",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497228",
        "to_ids": false,
        "type": "text",
        "uuid": "0f70bc40-04ef-4444-905b-4e1dc5e7df16",
        "value": "Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Abusing the Jenkins scriptText endpoint, the threat actors achieved remote code execution by sending malicious Groovy scripts to honeypot instances that had been intentionally misconfigured with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497228",
        "to_ids": false,
        "type": "text",
        "uuid": "3e01d373-b60d-4019-bb7c-82df332fc8c3",
        "value": "Name: Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers\nAuthor: AlienVault\nAdversary: \nTags: [\"source engine\", \"honeypot analysis\", \"vietnam infrastructure\", \"game servers\", \"win_sys.exe\", \"opportunistic attacks\", \"scripttext abuse\", \"jenkins exploitation\", \"bot_x64\", \"ddos botnet\"]\nTgtd countries: []\nMlwr families: [\"bot_x64\", \"win_sys.exe\"]\nAttack_ids: [\"T1498.001\", \"T1059.007\", \"T1036.005\", \"T1489\", \"T1498.002\", \"T1190\", \"T1036\", \"T1562.004\", \"T1036.004\", \"T1059.004\", \"T1204.003\", \"T1571\", \"T1027\", \"T1095\", \"T1070.004\", \"T1071.001\", \"T1543.002\", \"T1105\"]\nIndustries: [\"Technology\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778977554",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "844f4826-adf1-42e9-9562-564363f1e051",
        "value": "45.148.10.212",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778977575",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f0ea6401-fd59-4973-a73d-6a85b87d213b",
        "value": "103.177.110.202",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778977596",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cff9f566-e3d7-490e-93d7-f9eda4ca2d9f",
        "value": "94.154.172.43",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778497228",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "bfa28165-81ff-4848-b6e6-3c268f49b9ab",
        "value": "CVE-2025-32975"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:17/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546995",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a902439a-fa8c-465f-8789-74986ab20c77",
        "value": "86db2530298e6335d3ecc66c2818cfbd0a6b11fcdfcb75f575b9fcce1faa00f1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778977617",
        "to_ids": true,
        "type": "url",
        "uuid": "0dd2b7c7-2910-436b-aa55-f3baca1724a3",
        "value": "http://103.177.110.202/bot_x64.exe",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778977638",
        "to_ids": true,
        "type": "url",
        "uuid": "08246278-034a-4a87-921a-1fcf2510f9d7",
        "value": "http://103.177.110.202/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546988",
        "uuid": "788f11a5-baf1-4502-a43c-a2c3281dc4da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546987",
            "to_ids": true,
            "type": "md5",
            "uuid": "e4bd9920-2c64-49df-9dd8-8b8c2dff3e3f",
            "value": "1fc0a876a121882ffaad6677f444cf5b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546988",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e8907ad7-33a3-46e3-97b0-1d25e5b25f89",
            "value": "ea690c3acfa6592c601e4b5dd6122805063bac53",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546988",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50e9ef5c-bb58-4792-9904-cb93f8f90744",
            "value": "f79d05065a2ba7937b8781e69b5859d78d5f65f01fb291ae27d28277a5e37f9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970641",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3405421a-58a9-4049-9e81-4240e0c7abf0",
            "value": "24576:b15Xui9rhVfXEUQWZThvkz2cezYcMWGGoO7i:b+i9rhhXDQWZTh8ArMDGQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970641",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7bd2e260-4e6f-47d3-afa3-cf1f527760ef",
            "value": "1148360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970641",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4fcee4fc-9094-49c5-8439-622f515fb849",
            "value": "76ededf0c4a0106e9f69d03ec2c649e8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970641",
            "to_ids": true,
            "type": "filename",
            "uuid": "4c3af036-bdbe-4b75-8bd1-36d3bed79c31",
            "value": "qigukqo6.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  16/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970641",
            "to_ids": false,
            "type": "text",
            "uuid": "301f0dfc-2fff-4e94-af42-b9dfadb1741b",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:30/64\nFirst Submission:2026-04-30T13:21:16.000000+00:00\nLast Submission:2026-04-30T13:21:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546991",
        "uuid": "8eb48a71-23b1-41c5-8bdb-88c1e3164a7b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546990",
            "to_ids": true,
            "type": "md5",
            "uuid": "491398ee-aaa1-4daf-b3e7-32876e89ae56",
            "value": "83b7a106a5e810a1781e62b278909396",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c301dc56-1f1b-435c-9e11-a13e3123be90",
            "value": "deb4b5841eea43cb8c5777ee33ee09bf294a670d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "211497ce-089c-420b-9633-6be92099a0f1",
            "value": "b1b2f1e36dcaa36bc587fda1ddc3cbb8e04c3df5f1e3f1341c9d2ec0b0b0ffaf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970683",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5db238cf-7781-4109-897c-a6000c4ce648",
            "value": "98304:8FGd68EFMIM0f8ARXaxa6kR5XbEgEk4Bi:8BrFxM0f9RK9c5Yl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970683",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "297ef99a-0a7b-4c04-86c3-26dabcf30496",
            "value": "4764160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970683",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65185aa8-25be-44e9-9459-f8aa91fc8a9b",
            "value": "0460b76d7555551c051d1az461f&z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970683",
            "to_ids": true,
            "type": "filename",
            "uuid": "6d6d54fe-0227-44bb-9420-7b360f359402",
            "value": "2026-03-16_83b7a106a5e810a1781e62b278909396_cobalt-strike_dosia_luca-stealer_quasar-rat"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  09/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970683",
            "to_ids": false,
            "type": "text",
            "uuid": "7b45f9ae-9385-4932-848d-b0e2b9b1b268",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:50/72\nFirst Submission:2026-03-16T12:10:56.000000+00:00\nLast Submission:2026-03-16T20:44:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546993",
        "uuid": "bd3cdb86-b79b-4e4b-ae67-2f2c9cae8289",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546992",
            "to_ids": true,
            "type": "md5",
            "uuid": "191f48d3-9648-43ed-8c56-acbd73e2de07",
            "value": "e1ec76a0e1f48901566d53828c34b5dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546993",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e36efd85-4e89-45ea-b809-234787ee9efe",
            "value": "d3beab2e2252a13d5689e9911c2b2b2fc3a41086",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546993",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0b0a8acd-900d-4d10-a2f5-224f67af4813",
            "value": "ab6677fcbbb1ff4a22cc3e7355e1c36768ba30bbf5cce36f4ec7ae99f850e6c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778970705",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3b9822c4-bf3a-4202-8857-19ac6dbfb874",
            "value": "48:6IIF9BlQaexhgZr7An0cF5uduvxRxUjbON9XM/ge93ahr0/:y9BOaMEI0cF50uDxUOvXeg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778970705",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0fcf6c00-b3ef-4864-a572-f57af3f23eee",
            "value": "4608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778970705",
            "to_ids": true,
            "type": "vhash",
            "uuid": "59a0a509-6ae6-4d25-a356-23d64428f4af",
            "value": "04303655151bz1!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778970705",
            "to_ids": true,
            "type": "filename",
            "uuid": "15d78686-a5ea-4ea0-b1fe-62d0afa5e288",
            "value": "4tgyqg7.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/05/2026\nLast-scan\t:  13/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778970705",
            "to_ids": false,
            "type": "text",
            "uuid": "06ed1e73-fb90-4410-bc6c-8fe2f11f7924",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Mikey.HNC!MTB\nVT Total Detection:56/71\nFirst Submission:2026-03-16T11:33:18.000000+00:00\nLast Submission:2026-03-16T11:33:18.000000+00:00"
          }
        ]
      }
    ]
  }
}