{ "Event": { "analysis": "1", "date": "2026-03-04", "extends_uuid": "", "info": "[Threat Intel] Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit", "protected": false, "publish_timestamp": "1772824062", "published": true, "threat_level_id": "2", "timestamp": "1772824061", "uuid": "23379b4d-e0aa-43f0-8efd-7491fbf02247", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#6e57da", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#f5a258", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#a9bb6d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"", "relationship_type": "" }, { "colour": "#e00500", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"", "relationship_type": "" }, { "colour": "#43c8db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#2ced92", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"", "relationship_type": "" }, { "colour": "#1cbe6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"", "relationship_type": "" }, { "colour": "#c9dbdd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"", "relationship_type": "" }, { "colour": "#52486a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inter-Process Communication - T1559\"", "relationship_type": "" }, { "colour": "#2e58ce", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"", "relationship_type": "" }, { "colour": "#0aebeb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"", "relationship_type": "" }, { "colour": "#a42e64", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"", "relationship_type": "" }, { "colour": "#50bcaa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"", "relationship_type": "" }, { "colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"vulnerability\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#1a0065", "local": false, "name": "rectifyq:topic=\"crypto-related\"", "relationship_type": "" }, { "colour": "#3500ca", "local": false, "name": "rectifyq:detection-rules=\"yara-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "link", "uuid": "db369e34-2c3a-409d-9672-73aa22bc9d0c", "value": "https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "text", "uuid": "2e84c602-0465-4718-acb7-d36c00c0f9dc", "value": "A sophisticated iOS exploit kit named Coruna has been discovered, targeting iPhones running iOS 13.0 to 17.2.1. The kit contains five full iOS exploit chains and 23 exploits, using advanced techniques and mitigation bypasses. Initially used by a surveillance vendor, it was later employed in targeted attacks against Ukrainian users and broad-scale campaigns by a Chinese financially motivated group. The kit's proliferation suggests an active market for second-hand zero-day exploits. The exploits are well-engineered and documented, with the most advanced using non-public techniques. The ending payload, PLASMAGRID, focuses on stealing financial information and cryptocurrency wallet data." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "text", "uuid": "f265ac6d-ac34-4b6e-a63a-4fc5b4fbacd0", "value": "Name: Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit\nAuthor: AlienVault\nAdversary: UNC6691\nTags: [\"cve-2022-48503\", \"zero-day\", \"coruna\", \"cve-2023-32409\", \"cve-2023-32434\", \"cryptocurrency\", \"cve-2023-41974\", \"cve-2023-43000\", \"cve-2024-23296\", \"cve-2020-27932\", \"cve-2024-23222\", \"ios\", \"surveillance\", \"cve-2024-23225\", \"cve-2021-30952\", \"financial theft\", \"plasmagrid\", \"cve-2020-27950\", \"exploit kit\", \"cve-2023-38606\"]\nTgtd countries: [\"Ukraine\"]\nMlwr families: [\"Coruna\", \"PLASMAGRID\"]\nAttack_ids: [\"T1583\", \"T1129\", \"T1082\", \"T1106\", \"T1190\", \"T1555\", \"T1219\", \"T1055\", \"T1059\", \"T1083\", \"T1064\", \"T1497\", \"T1608\", \"T1559\", \"T1056\", \"T1203\", \"T1213\", \"T1518\"]\nIndustries: [\"Finance\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "threat-actor", "uuid": "8e95496f-3c86-4c7b-b9ab-384f1f4b62a8", "value": "UNC6691" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810704", "to_ids": true, "type": "url", "uuid": "1b58ddc1-c439-4693-b4df-0099b6dcbedf", "value": "http://goodcryptocurrency.top/details/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810727", "to_ids": true, "type": "url", "uuid": "39e15b49-a268-4dfa-b920-ccade5790623", "value": "http://pepeairdrop01.com/static/analytics.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810750", "to_ids": true, "type": "url", "uuid": "dff88887-6ebc-4c4d-9e8c-8bc9a406b04b", "value": "https://binancealliancesintro.com/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810773", "to_ids": true, "type": "url", "uuid": "4b794c3d-1c47-4693-9df3-10adf2b91a33", "value": "https://iphonex.mjdqw.cn/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "ef91aed2-9234-4355-91dd-cbc1a07eeed1", "value": "CVE-2020-27932" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "429de61f-b2ef-40ae-b13c-fb5e36e3dc54", "value": "CVE-2020-27950" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "dce8c139-5927-4f2b-8f1d-1eddc3de28e8", "value": "CVE-2021-30952" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "eba5c594-5f01-4a87-bc28-09e7ff524710", "value": "CVE-2022-48503" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "cc487caf-5b7a-4513-9090-acd128fe2a40", "value": "CVE-2023-32409" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "9ff23295-4993-4fd2-8425-8ad0f3d47412", "value": "CVE-2023-32434" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "df11b6d6-be02-458a-950c-b2cc7f985171", "value": "CVE-2023-38606" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "27611d6d-ddc2-4992-a4a8-5e649a0ad833", "value": "CVE-2023-41974" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "509ab51d-16bb-4095-988c-8233208fc09c", "value": "CVE-2023-43000" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "58ce6670-da1c-4016-b19a-b7458e448913", "value": "CVE-2024-23222" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "3a585d99-2536-493f-a9bd-955e1d864f7c", "value": "CVE-2024-23225" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772593232", "to_ids": false, "type": "vulnerability", "uuid": "69eea413-e5ae-46ed-9a55-513bd5760403", "value": "CVE-2024-23296" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809626", "to_ids": true, "type": "sha256", "uuid": "19860ff5-bcd6-4c81-b357-bc6fe79dea9d", "value": "023e5fb71923cfa2088b9a48ad8566ff7ac92a99630add0629a5edf4679888de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809628", "to_ids": true, "type": "sha256", "uuid": "431fd843-465b-4624-84c2-67d4bc7190b9", "value": "05b5e4070b3b8a130b12ea96c5526b4615fcae121bb802b1a10c3a7a70f39901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809631", "to_ids": true, "type": "sha256", "uuid": "a3943d3e-e0e7-43aa-b5c7-4f825d7e9401", "value": "0dff17e3aa12c4928273c70a2e0a6fff25d3e43c0d1b71056abad34a22b03495", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809632", "to_ids": true, "type": "sha256", "uuid": "0b8ec6a7-e03f-42c6-91fd-dfb7c899656b", "value": "10bd8f2f8bb9595664bb9160fbc4136f1d796cb5705c551f7ab8b9b1e658085c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809634", "to_ids": true, "type": "sha256", "uuid": "e37092b0-8408-43ce-a081-2406b47b2349", "value": "18394fcc096344e0730e49a0098970b1c53c137f679cff5c7ff8902e651cd8a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809636", "to_ids": true, "type": "sha256", "uuid": "0c45dd82-d756-40bb-9d14-fe718d03365e", "value": "1fb9dedf1de81d387eff4bd5e747f730dd03c440157a66f20fdb5e95f64318c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809638", "to_ids": true, "type": "sha256", "uuid": "b8708403-5f95-402b-9af5-d4a7a8bc181b", "value": "25a9b004cf61fb251c8d4024a8c7383a86cb30f60aa7d59ca53ce9460fcfb7de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809639", "to_ids": true, "type": "sha256", "uuid": "7d82cbc1-b8d6-46b6-93ce-d167f21b55e2", "value": "2a9d21ca07244932939c6c58699448f2147992c1f49cd3bc7d067bd92cb54f3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809641", "to_ids": true, "type": "sha256", "uuid": "49b89c87-1fb7-4c10-8f36-8e2028bc4551", "value": "3c297829353778857edfeaed3ceeeca1bf8b60534f1979f7d442a0b03c56e541", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809643", "to_ids": true, "type": "sha256", "uuid": "5fd30eae-d052-4ab3-af94-8829ddf8ae54", "value": "42cc02cecd65f22a3658354c5a5efa6a6ec3d716c7fbbcd12df1d1b077d2591b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809645", "to_ids": true, "type": "sha256", "uuid": "4714dd51-bbc9-41ce-9230-e6e617df0946", "value": "499f6b1e012d9bc947eea8e23635dfe6464cd7c9d99eb11d5874bd7b613297b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809647", "to_ids": true, "type": "sha256", "uuid": "9308c5b6-8ae2-45ec-885b-5fd36a6a4569", "value": "4dc255504a6c3ea8714ccdc95cc04138dc6c92130887274c8582b4a96ebab4a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809649", "to_ids": true, "type": "sha256", "uuid": "d292fc18-1e47-45ad-9a12-4e80732b60a0", "value": "4dfcf5a71e5a8f27f748ac7fd7760dec0099ce338722215b4a5862b60c5b2bfd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809651", "to_ids": true, "type": "sha256", "uuid": "141f702a-6f16-4ea6-8730-5db57a97d933", "value": "6eafd742f58db21fbaf5fd7636e6653446df04b4a5c9bca9104e5dfad34f547c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809652", "to_ids": true, "type": "sha256", "uuid": "3b02cbbe-620f-4813-a296-91c7ceb7c6cb", "value": "721b46b43b7084b98e51ab00606f08a6ccd30b23bef5e542088f0b5706a8f780", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809654", "to_ids": true, "type": "sha256", "uuid": "33176ec8-c5e1-49bf-a988-3e95c80142bd", "value": "91d44c1f62fd863556aac0190cbef3b46abc4cbe880f80c580a1d258f0484c30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809656", "to_ids": true, "type": "sha256", "uuid": "b8e01bfb-69ae-4d22-9227-33383e29ba5d", "value": "be28b40df919d3fa87ed49e51135a719bd0616c9ac346ea5f20095cb78031ed9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809658", "to_ids": true, "type": "sha256", "uuid": "0c3f9259-4c17-4737-afcb-78437c891b66", "value": "d371e3bed18ee355438b166bbf3bdaf2e7c6a3af8931181b9649020553b07e7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809660", "to_ids": true, "type": "sha256", "uuid": "6b782e49-4a30-4ee8-91ff-f288b30f4d15", "value": "d517c3868c5e7808202f53fa78d827a308d94500ae9051db0a62e11f7852e802", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809662", "to_ids": true, "type": "sha256", "uuid": "e5696eb6-fdc6-4b6b-9630-1fd27b524767", "value": "f218068ea943a511b230f2a99991f6d1fbc2ac0aec7c796b261e2a26744929ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810795", "to_ids": true, "type": "url", "uuid": "26a75e16-9fb9-4b30-8c97-7d76b65a37a7", "value": "http://bestcryptocurrency.top/details/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810817", "to_ids": true, "type": "url", "uuid": "1d1cc67e-4498-4c87-9053-b8df219b016c", "value": "http://cdn.uacounter.com/stat.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810840", "to_ids": true, "type": "url", "uuid": "bde75ce3-7bb4-4b19-a296-1dd972343e60", "value": "http://cryptocurrencyworld.top/details/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810862", "to_ids": true, "type": "url", "uuid": "31d63882-f915-46e0-a9cc-d0fb74219dd5", "value": "http://ddus17.com/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810886", "to_ids": true, "type": "url", "uuid": "985c7fa5-7713-4371-b9e3-24c68bccda4a", "value": "http://land.777bingos.xyz/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810908", "to_ids": true, "type": "url", "uuid": "adea0a04-2b3a-4347-a51f-c48fc6821a8f", "value": "http://land.77bingos.com/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810930", "to_ids": true, "type": "url", "uuid": "abfa4e65-125d-465f-975a-6da6ac2210fe", "value": "http://land.bingo777.now/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810952", "to_ids": true, "type": "url", "uuid": "3f33452c-b9e7-45e1-b91e-29bcf9d98e5f", "value": "https://26a.online/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810974", "to_ids": true, "type": "url", "uuid": "98cfb820-f4ef-41ea-8b11-18a22b5c307d", "value": "https://3v5w1km5gv.xyz/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772810996", "to_ids": true, "type": "url", "uuid": "70b7e289-a96f-4193-98c5-0582c2833e23", "value": "https://4kgame.us/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811019", "to_ids": true, "type": "url", "uuid": "5a9092f0-b32a-4c87-8f25-29973591abb9", "value": "https://4u.game/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811041", "to_ids": true, "type": "url", "uuid": "a422db97-f41d-45df-9202-4baf2ec5380b", "value": "https://65sse.668ddf.cc/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811064", "to_ids": true, "type": "url", "uuid": "424b65e6-89fb-41d7-8a08-d7f6b6d2def3", "value": "https://7ff.online/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811086", "to_ids": true, "type": "url", "uuid": "3ba63ead-eaea-40fa-bb91-66e91e5ac0f4", "value": "https://7fun.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811108", "to_ids": true, "type": "url", "uuid": "7784dde0-c33c-4652-85ca-0fea24cbf76b", "value": "https://7p.game/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811130", "to_ids": true, "type": "url", "uuid": "4bc1b486-254f-46f8-8842-ae6b4067f3fa", "value": "https://7uspin.us/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811152", "to_ids": true, "type": "url", "uuid": "cf11f3dd-b8c3-4b21-8da6-25d7b04bcc20", "value": "https://98a.online/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811174", "to_ids": true, "type": "url", "uuid": "c5b412ac-46b8-48f5-9e18-54a25f366026", "value": "https://ai-scorepredict.com/static/analytics.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811196", "to_ids": true, "type": "url", "uuid": "8827ba40-e446-4fb7-91b0-5a9027e914f1", "value": "https://ajskbnrs.xn--jor0b302fdhgwnccw8g.com/gogo/list.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811218", "to_ids": true, "type": "url", "uuid": "cf77e8d1-eb0b-41d1-aa97-fb3a9d6b344e", "value": "https://anygg.liquorfight.com/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811240", "to_ids": true, "type": "url", "uuid": "115bb7b9-08bf-49b3-9248-b85716ca6b89", "value": "https://b27.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811261", "to_ids": true, "type": "url", "uuid": "614d99fa-e678-4881-912d-c860c164ec2b", "value": "https://btrank.top/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811283", "to_ids": true, "type": "url", "uuid": "2a386bcd-3484-4d0c-a487-12a6d4807798", "value": "https://cy8.top/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811305", "to_ids": true, "type": "url", "uuid": "5e7a509b-fed7-4380-823f-17e4d5cddaee", "value": "https://dbgopaxl.com/static/goindex/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811327", "to_ids": true, "type": "url", "uuid": "e5b8e24f-371e-4b4c-b48a-2332851cad18", "value": "https://dd9l7e6ghme8pbk.xyz/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811349", "to_ids": true, "type": "url", "uuid": "e347d740-5ea1-4d12-a6e1-69cae607c310", "value": "https://fxrhcnfwxes90q.xyz/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811372", "to_ids": true, "type": "url", "uuid": "63b2d1d0-60fc-4a4d-874d-07a0745ba375", "value": "https://goanalytics.xyz/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811393", "to_ids": true, "type": "url", "uuid": "685a22b2-4892-440c-8ee5-f3d4da55c40f", "value": "https://goodcryptocurrency.top/details/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811416", "to_ids": true, "type": "url", "uuid": "6f9ee726-0002-4b6d-8467-0ded9730667e", "value": "https://h4k.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811439", "to_ids": true, "type": "url", "uuid": "6bd177d3-19a8-4ae2-8601-c2aea2e3df6b", "value": "https://i.binaner.com/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811462", "to_ids": true, "type": "url", "uuid": "eec4bc6b-830e-410b-8041-4f78e535050e", "value": "https://ios.teegrom.top/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811484", "to_ids": true, "type": "url", "uuid": "ebbc810e-3b53-4e42-a75d-14541b24aaa7", "value": "https://k96.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811506", "to_ids": true, "type": "url", "uuid": "53334001-0cbc-4ccd-b15a-2a3ba7e937ac", "value": "https://kanav.blog/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811528", "to_ids": true, "type": "url", "uuid": "e9baa767-d8d0-472a-9d46-3952ae0e5421", "value": "https://land.bingo777.now/88k4ez/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811550", "to_ids": true, "type": "url", "uuid": "f1a5de72-d3dc-4414-b3de-1d15a805458d", "value": "https://lddx3z2d72aa8i6.xyz/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811573", "to_ids": true, "type": "url", "uuid": "8b7a17b3-6288-4aac-b37b-ebe94562ddc3", "value": "https://mkkku.com/static/analytics.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811595", "to_ids": true, "type": "url", "uuid": "997c2de4-6ab1-440a-a11b-4766dd1e01c3", "value": "https://n49.top/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811617", "to_ids": true, "type": "url", "uuid": "4ac8951f-0a9b-48fe-a38e-63f0e06c1d97", "value": "https://ose.668ddf.cc/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811639", "to_ids": true, "type": "url", "uuid": "cef25729-8eaa-4dfe-8a5b-cd27b8fa7ec1", "value": "https://osec2.668ddf.cc/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811662", "to_ids": true, "type": "url", "uuid": "04cabf30-e2ac-4f40-9724-fdcaafdaa45b", "value": "https://pepeairdrop01.com/static/analytics.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811684", "to_ids": true, "type": "url", "uuid": "35d5707c-3aea-43f1-9440-eb328f407ae3", "value": "https://res54allb.xn--xkrsa0078bd6d.com/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811706", "to_ids": true, "type": "url", "uuid": "395223c5-9a77-4a14-bceb-4eda7d66361b", "value": "https://sadjd.mijieqi.cn/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811728", "to_ids": true, "type": "url", "uuid": "27f9ad47-acdd-40d8-b86b-ce20d3c1df24", "value": "https://seven7.vip/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811751", "to_ids": true, "type": "url", "uuid": "7d9e7010-a112-4a9b-b70d-277653bd5031", "value": "https://share.4u.game/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811773", "to_ids": true, "type": "url", "uuid": "6ce0e2f3-704d-44ec-9359-3be02ff9cbdc", "value": "https://share.7p.game/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811795", "to_ids": true, "type": "url", "uuid": "b0769cf7-dbfa-414b-9ad2-05a9323beb46", "value": "https://sj9ioz3a7y89cy7.xyz/list.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811817", "to_ids": true, "type": "url", "uuid": "0392bc2f-da6b-42b4-b5e9-772d3d3ef7f1", "value": "https://so5083.tubeluck.com/static/goindex/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811839", "to_ids": true, "type": "url", "uuid": "51d23710-5723-4d35-9467-9bd5f95a2176", "value": "https://spin7.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811860", "to_ids": true, "type": "url", "uuid": "c4cb20c9-cf96-4cbb-b273-92b9d3c399be", "value": "https://t7c.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811882", "to_ids": true, "type": "url", "uuid": "ddb01aa3-f2a3-46c0-8f50-f1dbed341678", "value": "https://w2a315.tubeluck.com/static/goindex/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811905", "to_ids": true, "type": "url", "uuid": "76a99d80-e69e-48d6-b9f3-46dccd58241e", "value": "https://www.appstoreconn.com/xmweb/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811926", "to_ids": true, "type": "url", "uuid": "0ae9a288-1785-4b8c-8722-ad88e8e4f7ae", "value": "https://y4w.icu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809664", "to_ids": true, "type": "sha1", "uuid": "964f4c10-0582-499c-bee2-0199f550c5a2", "value": "5527bce58ff886762e5107f3cc0417b85f05522b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:06/03/2026", "deleted": false, "disable_correlation": false, "timestamp": "1772809666", "to_ids": true, "type": "sha1", "uuid": "89af936f-845f-4f99-a5e1-2cc01f949cca", "value": "67903bcf4d6dbf56b93aa2d8961acac674cf0a34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811948", "to_ids": true, "type": "domain", "uuid": "ce31acf5-1995-4fcd-89c5-31ac3cd231c7", "value": "2s3b3rknfqtwwpo.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811970", "to_ids": true, "type": "domain", "uuid": "075453f1-37be-489a-a252-cac4afd810c5", "value": "4kgame.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772811992", "to_ids": true, "type": "domain", "uuid": "d87f82e0-e339-4637-aec2-bf6a20dcb817", "value": "6zvjeulzaw5c0mv.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812014", "to_ids": true, "type": "domain", "uuid": "01b752ce-a313-41ba-bfd4-6062b000666d", "value": "7fun.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812595", "to_ids": true, "type": "domain", "uuid": "a3cc07b7-0b12-45f2-9c6b-5f97b78cd53e", "value": "7uspin.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812617", "to_ids": true, "type": "domain", "uuid": "ffe22a85-bc48-4f65-88d8-05ba9758c1bf", "value": "ai-scorepredict.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812640", "to_ids": true, "type": "domain", "uuid": "f766f622-0d1a-430a-a9ed-55869bcfbb24", "value": "b38w09ecdejfqsf.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812664", "to_ids": true, "type": "domain", "uuid": "3a51a16b-0b81-46be-9411-5b77cfef2fe3", "value": "bestcryptocurrency.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812685", "to_ids": true, "type": "domain", "uuid": "a520b3c4-8e5c-4bd1-a307-4eddaabaffb5", "value": "binancealliancesintro.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812707", "to_ids": true, "type": "domain", "uuid": "74cb3450-2b9b-418d-ad92-2d978ac581c2", "value": "btrank.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812729", "to_ids": true, "type": "domain", "uuid": "38022a14-3ed2-43dc-ac77-3504f768e53f", "value": "cryptocurrencyworld.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812750", "to_ids": true, "type": "domain", "uuid": "104f40da-d6a6-4416-a6d5-1a05955fadfe", "value": "dbgopaxl.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812773", "to_ids": true, "type": "domain", "uuid": "d4d5e69f-9c8d-416e-b630-e48548e9ef51", "value": "dd9l7e6ghme8pbk.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812795", "to_ids": true, "type": "domain", "uuid": "af38cdc5-06c4-4e19-b6e1-f66e91d33467", "value": "ddus17.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812817", "to_ids": true, "type": "domain", "uuid": "0d139b94-0d32-46e2-8ac6-8c605e5bafa4", "value": "eg2bjo5x5r8yjb5.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812840", "to_ids": true, "type": "domain", "uuid": "1c5883cb-d53d-4d4f-9ef4-24c6958fdce7", "value": "fxrhcnfwxes90q.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812862", "to_ids": true, "type": "domain", "uuid": "9ef0e41e-f0b8-4fe7-99d2-747019954f6c", "value": "gdvynopz3pa0tik.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812884", "to_ids": true, "type": "domain", "uuid": "87c13b07-b2f3-4931-b73c-18cd059dd860", "value": "goanalytics.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812906", "to_ids": true, "type": "domain", "uuid": "296d4e31-bda4-4ab6-98d1-71076a49b956", "value": "goodcryptocurrency.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812929", "to_ids": true, "type": "domain", "uuid": "b6620f77-8e4a-4834-981a-debf5110e17d", "value": "gqjs3ra34lyuvzb.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812950", "to_ids": true, "type": "domain", "uuid": "fdd76a34-aeca-4fc5-b5b1-7a06eae8d5ee", "value": "hfteigt3kt0sf3z.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812972", "to_ids": true, "type": "domain", "uuid": "da6d5ea4-ef18-43b8-8e05-b6a0df11e7d3", "value": "hui4tbh9uv9x4yi.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772812993", "to_ids": true, "type": "domain", "uuid": "7e4d2764-aaf5-4981-876e-06086685de7b", "value": "kanav.blog", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813014", "to_ids": true, "type": "domain", "uuid": "e7443e48-b854-42bf-8b28-ebddbe72fafd", "value": "lddx3z2d72aa8i6.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813037", "to_ids": true, "type": "domain", "uuid": "dedbe82f-094f-42b3-a108-c068190482b7", "value": "lk4x6x2ejxaw2br.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813058", "to_ids": true, "type": "domain", "uuid": "9ed6527d-1cd3-4adf-874c-91854cfd3c60", "value": "lsnngjyu9x6vcg0.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813080", "to_ids": true, "type": "domain", "uuid": "4e62469d-702f-40c4-aedc-82d533f96c0e", "value": "mkkku.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813101", "to_ids": true, "type": "domain", "uuid": "a7d9aceb-1374-4a6a-a77e-8ecd40d1160b", "value": "ol67el6pxg03ad7.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813122", "to_ids": true, "type": "domain", "uuid": "cc7fecb9-d4d8-4aa2-aca4-0a1b2d5f59ad", "value": "pen0axt0u476duw.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813144", "to_ids": true, "type": "domain", "uuid": "05beab4a-f063-4501-b6a2-fb0e91812257", "value": "pepeairdrop01.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813165", "to_ids": true, "type": "domain", "uuid": "2d16c2eb-a378-4345-83bc-a3244d22c90f", "value": "rlau616jc7a7f7i.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813188", "to_ids": true, "type": "domain", "uuid": "22c263a8-c77a-4469-ac61-94323f418b89", "value": "roy2tlop2u.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813209", "to_ids": true, "type": "domain", "uuid": "02576a4a-6114-4c0a-b1e2-99c2081472ac", "value": "seven7.vip", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813231", "to_ids": true, "type": "domain", "uuid": "550ba7fb-70ff-4f08-ac7b-23d4978d8f2a", "value": "sf2bisx5nhdkygn3l.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813252", "to_ids": true, "type": "domain", "uuid": "b5a44d5f-2e94-4f42-a544-8bf49b6e41f0", "value": "uawwydy3qas6ykv.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813274", "to_ids": true, "type": "domain", "uuid": "29f849fc-415f-4e01-b636-83572f95911a", "value": "vvri8ocl4t3k8n6.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813295", "to_ids": true, "type": "domain", "uuid": "e5d73db6-5d82-4d6b-9e2c-406cdce53d54", "value": "xfal48cf0ies7ew.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813316", "to_ids": true, "type": "domain", "uuid": "107b912a-4826-4620-8555-f3071fa3cacc", "value": "xittgveqaufogve.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813338", "to_ids": true, "type": "domain", "uuid": "8e746683-3047-489a-992a-b97b599be1f2", "value": "xjslbdt9jdijn15.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813359", "to_ids": true, "type": "domain", "uuid": "fc6770bf-9e09-49c6-9774-ce9d515aee8e", "value": "xmmfrkq9oat1daq.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813381", "to_ids": true, "type": "domain", "uuid": "67c1996a-cd84-45ab-997d-94c2af65aadd", "value": "yvgy29glwf72qnl.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813403", "to_ids": true, "type": "domain", "uuid": "7155944f-0a72-45a6-a8ce-28bdc83ad77f", "value": "zcjdlb5ubkhy41u.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813425", "to_ids": true, "type": "domain", "uuid": "8d3e2a71-c7a5-407b-a9f7-2355e5ad2398", "value": "ztvnhmhm4zj95w3.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813446", "to_ids": true, "type": "hostname", "uuid": "a980428f-28c0-4690-b649-f792e3cced02", "value": "65sse.668ddf.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813468", "to_ids": true, "type": "hostname", "uuid": "22127b23-6a79-42a2-a391-a6b87b5ab332", "value": "anygg.liquorfight.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813490", "to_ids": true, "type": "hostname", "uuid": "a2400392-3d54-47bc-b369-14e60e418a00", "value": "cdn.uacounter.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813511", "to_ids": true, "type": "hostname", "uuid": "93184847-7227-4079-964d-f8bdb5dbb65e", "value": "i.binaner.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813533", "to_ids": true, "type": "hostname", "uuid": "dc6c6e4f-4b07-4a02-b91c-c53e2ad8008b", "value": "ios.teegrom.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813554", "to_ids": true, "type": "hostname", "uuid": "63d3157d-9543-4865-9e98-7b2044a065d9", "value": "iphonex.mjdqw.cn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813575", "to_ids": true, "type": "hostname", "uuid": "a8aa8957-1ad9-4227-8d86-3f4afa4da96c", "value": "land.777bingos.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813597", "to_ids": true, "type": "hostname", "uuid": "d4c90c5f-f533-430f-a0d9-a20d96f829b0", "value": "land.77bingos.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813618", "to_ids": true, "type": "hostname", "uuid": "d366f6d3-110e-4539-8275-39a06ad993c5", "value": "land.bingo777.now", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813640", "to_ids": true, "type": "hostname", "uuid": "a9d20cbe-76f3-4d7f-a57e-59d1d6b4ee3d", "value": "ose.668ddf.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813661", "to_ids": true, "type": "hostname", "uuid": "898b5dd6-6106-4172-b9f7-9a5957f68038", "value": "osec2.668ddf.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813683", "to_ids": true, "type": "hostname", "uuid": "1275ca9a-5a30-4286-bbae-4d035cccf338", "value": "res54allb.xn--xkrsa0078bd6d.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813704", "to_ids": true, "type": "hostname", "uuid": "154aa56b-3d92-4aa7-8482-b0805f2f6aa5", "value": "sadjd.mijieqi.cn", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813726", "to_ids": true, "type": "hostname", "uuid": "e6484d79-8519-4475-b3f5-4bd43826cc62", "value": "so5083.tubeluck.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813747", "to_ids": true, "type": "hostname", "uuid": "74e9523f-7b1a-4a02-8ec5-af5a76443bae", "value": "w2a315.tubeluck.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813768", "to_ids": true, "type": "hostname", "uuid": "fa2206a0-baf2-49eb-a724-be29b84626ca", "value": "www.appstoreconn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813791", "to_ids": true, "type": "url", "uuid": "9e33be99-faac-42e2-a9a7-1c23ad5fbeb6", "value": "https://m.pc6.com/test/tuiliu/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813813", "to_ids": true, "type": "url", "uuid": "310431d2-3530-4c1e-98e1-ff6e58072f3c", "value": "https://seven7.to/group.html", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813834", "to_ids": true, "type": "domain", "uuid": "1f0c05dd-750f-44fa-bf5a-1b16410eabb8", "value": "v2gmupm7o4zihc3.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813856", "to_ids": true, "type": "domain", "uuid": "af09e02e-b5d4-4357-bbe6-cceb1e408f82", "value": "o08h5rhu2lu1x0q.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772813878", "to_ids": true, "type": "domain", "uuid": "f3aa2ddf-5511-459a-80e8-156a7d57ba6f", "value": "8fn4957c5g986jp.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "An object describing a YARA rule (or a YARA rule name) along with its version.", "meta-category": "misc", "name": "yara", "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3", "template_version": "7", "timestamp": "1772805436", "uuid": "87c28f74-4e9d-4fb8-b08d-db8647dfc6a4", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara-rule-name", "timestamp": "1772805436", "to_ids": false, "type": "text", "uuid": "38df01df-8f78-4885-ac56-d254bbf82272", "value": "G_Hunting_Exploit_MapJoinEncoder_1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "comment", "timestamp": "1772805436", "to_ids": false, "type": "comment", "uuid": "105d6c66-f54f-4ebf-af48-a367e3d395cf", "value": "G_Hunting_Exploit_MapJoinEncoder_1" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara", "timestamp": "1772805436", "to_ids": true, "type": "yara", "uuid": "77217c11-a1bb-49df-8f16-805b19dd5460", "value": "rule G_Hunting_Exploit_MapJoinEncoder_1 {\r\n\tmeta:\r\n\t\tauthor = \"Google Threat Intelligence Group (GTIG)\"\r\n\tstrings:\r\n\t\t$s1 = /\\[[^\\]]+\\]\\.map\\(\\w\\s*=>.{0,15}String\\.fromCharCode\\(\\w\\s*\\^\\s*(\\d+)\\).{0,15}\\.join\\(\"\"\\)/\r\n\t\t$fp1 = \"bot|googlebot|crawler|spider|robot|crawling\"\r\n\tcondition:\r\n\t\t1 of ($s*) and not any of ($fp*)\r\n}" } ] }, { "comment": "", "deleted": false, "description": "An object describing a YARA rule (or a YARA rule name) along with its version.", "meta-category": "misc", "name": "yara", "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3", "template_version": "7", "timestamp": "1772805451", "uuid": "86354f2b-164a-411b-a575-1c09bc9d074b", "Attribute": [ { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara-rule-name", "timestamp": "1772805451", "to_ids": false, "type": "text", "uuid": "c54a0962-3122-417e-bfc4-7074aa27ec0f", "value": "G_Backdoor_PLASMAGRID_Strings_1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "comment", "timestamp": "1772805451", "to_ids": false, "type": "comment", "uuid": "14633b01-18f3-49d4-a029-292fc0af6a40", "value": "G_Backdoor_PLASMAGRID_Strings_1" }, { "category": "Payload installation", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "yara", "timestamp": "1772805451", "to_ids": true, "type": "yara", "uuid": "3b89ffab-669e-48b5-989c-b0b75845d8ac", "value": "rule G_Backdoor_PLASMAGRID_Strings_1 {\r\n\tmeta:\r\n\t\tauthor = \"Google Threat Intelligence Group (GTIG)\"\r\n\tstrings:\r\n\t\t$ = \"com.plasma.appruntime.appdiscovery\"\r\n\t\t$ = \"com.plasma.appruntime.downloadmanager\"\r\n\t\t$ = \"com.plasma.appruntime.hotupdatemanager\"\r\n\t\t$ = \"com.plasma.appruntime.modulestore\"\r\n\t\t$ = \"com.plasma.appruntime.netconfig\"\r\n\t\t$ = \"com.plasma.bundlemapper\"\r\n\t\t$ = \"com.plasma.event.upload.serial\"\r\n\t\t$ = \"com.plasma.notes.monitor\"\r\n\t\t$ = \"com.plasma.photomonitor\"\r\n\t\t$ = \"com.plasma.PLProcessStateDetector\"\r\n\t\t$ = \"plasma_heartbeat_monitor\"\r\n\t\t$ = \"plasma_injection_dispatcher\"\r\n\t\t$ = \"plasma_ipc_processor\"\r\n\t\t$ = \"plasma_%@.jpg\"\r\n\t\t$ = \"/var/mobile/Library/Preferences/com.plasma.photomonitor.plist\"\r\n\t\t$ = \"helion_ipc_handler\"\r\n\t\t$ = \"PLInjectionStateInfo\"\r\n\t\t$ = \"PLExploitationInterface\"\r\n\tcondition:\r\n\t\t1 of them\r\n}" } ] } ] } }