{
  "Event": {
    "analysis": "1",
    "date": "2026-04-21",
    "extends_uuid": "",
    "info": "[Threat Intel] Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories",
    "protected": false,
    "publish_timestamp": "1779544258",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779544257",
    "uuid": "2a07fb7a-4409-4b4e-bd5f-d8c8767c0d40",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#201172",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Dependencies and Development Tools - T1195.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#110e53",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#256f6a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa3e60",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1070.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#edf46c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#5780f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Default Accounts - T1078.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1acf09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#d596aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#57997c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"north korea\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776826807",
        "to_ids": false,
        "type": "link",
        "uuid": "139d220e-9ab4-4514-8f43-564cd8384761",
        "value": "https://www.trendmicro.com/en_us/research/26/d/void-dokkaebi-uses-fake-job-interview-lure-to-spread-malware-via-code-repositories.html"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776826807",
        "to_ids": false,
        "type": "text",
        "uuid": "8579ee13-9ba2-4ade-8ee4-cdbf2969acc6",
        "value": "Void Dokkaebi, also known as Famous Chollima, has evolved its operations into a self-propagating supply chain threat targeting software developers. The North Korea-aligned group uses fabricated job interviews to lure developers into cloning malicious repositories. Once compromised, the victim's machine becomes an infection vector through two mechanisms: malicious VS Code task configurations that execute automatically when workspaces are opened, and active injection of obfuscated JavaScript into source code files with Git history tampering to conceal modifications. This creates a worm-like propagation chain where each compromised developer seeds new repositories with infection vectors. Analysis in March 2026 identified over 750 infected repositories, with contamination reaching organizations including DataStax and Neutralinojs. The campaign delivers payloads via blockchain infrastructure including Tron, Aptos, and Binance Smart Chain, deploying variants of DEV#POPPER RAT and other tools to steal cryptocurre... [description truncated; full text in the linked Trend Micro report]"
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776826807",
        "to_ids": false,
        "type": "text",
        "uuid": "ffc8a656-9838-4853-bb0e-f746ace73361",
        "value": "Name: Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories\nAuthor: AlienVault\nAdversary: WageMole\nTags: [\"dev#popper rat\", \"omnistealer\", \"git history tampering\", \"vs code exploitation\", \"worm propagation\", \"supply chain attack\", \"fake job interview\", \"blockchain infrastructure\", \"invisibleferret\", \"repository poisoning\", \"north korea\", \"developer targeting\", \"beavertail\", \"ottercookie\"]\nTgtd countries: []\nMlwr families: [\"DEV#POPPER RAT\", \"InvisibleFerret\", \"OtterCookie\", \"OmniStealer\", \"BeaverTail\"]\nAttack_ids: [\"T1059.007\", \"T1195.001\", \"T1071.004\", \"T1036.005\", \"T1204.002\", \"T1573.001\", \"T1566.001\", \"T1574.001\", \"T1070.003\", \"T1140\", \"T1070.006\", \"T1078.001\", \"T1041\", \"T1547.001\", \"T1199\", \"T1027\", \"T1195.002\", \"T1102.002\", \"T1567.002\", \"T1071.001\"]\nIndustries: [\"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207022",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "7852e74f-1e1a-47c4-bd2b-ae00849e4652",
        "value": "Void Dokkaebi",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"WageMole\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213569",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "df143ec6-b993-4d38-ac5a-9eae946e615b",
        "value": "166.88.4.2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213590",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "839f3a13-88c3-4f64-a586-4b45518ad4ae",
        "value": "85.239.62.36",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213611",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c4884874-5ee5-4b5a-93fb-db892efa3310",
        "value": "23.27.20.143",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213632",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "30edca29-c526-4470-b558-005837cd7bd8",
        "value": "23.27.202.27",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213654",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bda55bb3-06e3-4593-953f-a0ec025ed3d6",
        "value": "23.27.120.142",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213675",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9db4a2e7-ebac-41c9-bbd7-eea24fe034dc",
        "value": "154.91.0.196",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213696",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "09c4397b-d092-4b12-9428-2e8409765d53",
        "value": "198.105.127.210",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213717",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bd061014-0692-4397-bdfb-6563133024c6",
        "value": "83.168.68.219",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "f387b245-391b-4828-86f7-6bb5dfc85bcf",
        "value": "136.0.9.8|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "e4f64fd7-c089-4886-b2e1-83493ef47bf6",
        "value": "198.105.127.210|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 27017",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "077793b0-12b4-4c90-81a1-e4e469f37cd0",
        "value": "23.27.202.27|27017"
      },
      {
        "category": "Network activity",
        "comment": "On port 443",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "061b0469-3393-46d9-be08-76dea3708a02",
        "value": "154.91.0.196|443"
      },
      {
        "category": "Network activity",
        "comment": "On port 27017",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "99acd606-3df5-41d3-9dee-7a013b8b1f67",
        "value": "23.27.20.143|27017"
      },
      {
        "category": "Network activity",
        "comment": "On port 27017",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "925c8155-440b-4698-9c87-58b7d53c8496",
        "value": "85.239.62.36|27017"
      },
      {
        "category": "Network activity",
        "comment": "On port 27017",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777207526",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "4acd8065-a1f6-422a-9204-b76979983519",
        "value": "83.168.68.219|27017"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213738",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9a5f2870-638f-4c5d-a6e9-ca7c38b6a562",
        "value": "vscode-config-settings.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213759",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0524b03e-b18c-4fa4-a302-0cd2a3243918",
        "value": "vscode-extension-260120.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213781",
        "to_ids": true,
        "type": "hostname",
        "uuid": "634998c1-7e88-447e-bd03-9ef6286e9044",
        "value": "vscode-settings-config.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213802",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2d4b8ffb-a953-41ba-9520-7897871127e1",
        "value": "vscode-settings-bootstrap.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213823",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d5653895-7a2a-4ecd-a437-2366a5c83602",
        "value": "vscode-extensions-bootstrap.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213845",
        "to_ids": true,
        "type": "hostname",
        "uuid": "42cd77c8-32c7-4eea-9d72-170a0c613030",
        "value": "davhub88.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213866",
        "to_ids": true,
        "type": "hostname",
        "uuid": "12bd6a60-4635-45ce-b434-267954ce005e",
        "value": "chvsvr.short.gy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213887",
        "to_ids": true,
        "type": "hostname",
        "uuid": "90f83877-16e6-4876-8bf3-e3e94ac75acf",
        "value": "pesncv.short.gy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213908",
        "to_ids": true,
        "type": "hostname",
        "uuid": "48b24a48-acc2-467b-9047-c31853cc531c",
        "value": "cgbrandh.short.gy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213930",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8294686b-6aa0-42d3-aee4-3774e6e6b43d",
        "value": "lackservice.short.gy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213951",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5253c321-9c44-4e50-9cee-a0128bc2609b",
        "value": "gurucooldown.short.gy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213972",
        "to_ids": true,
        "type": "hostname",
        "uuid": "625218ff-d48f-4746-9511-e8dc2114ce5d",
        "value": "codeviewer-three.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777213993",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f40aee07-fd11-4805-9e9f-b2f86e8226a6",
        "value": "coreviewer.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214015",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cdf88f9c-3595-423c-b878-ea7949723586",
        "value": "vscode-helper171.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214036",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e2885600-b11e-4dcb-9d8e-9f963751c3a8",
        "value": "task-hrec.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214057",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d8690616-d879-4ee1-9e73-1393b558afd0",
        "value": "vscode-bootstrapper.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214079",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bf1875ee-bba6-4c2f-a716-845fcb238732",
        "value": "vscode-production-setting.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214100",
        "to_ids": true,
        "type": "hostname",
        "uuid": "88aac6b0-d9b3-4686-8ff5-8c6e6101674a",
        "value": "vscode-toolkit-settings.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214121",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b11927f7-c50c-48b6-9351-f84b8fc3a45b",
        "value": "tailwind-version-4.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214142",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ce6f6970-536b-42fa-8b03-d95ed8f0a550",
        "value": "default-configuration-sandy.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214163",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e3ed87be-b242-4506-a922-b446c35e9382",
        "value": "260120.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214185",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d8755ca6-44f2-4c9b-b18c-0d11fe82261c",
        "value": "vscode-ext-git.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214206",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7d57a8f7-5cf9-4b77-94da-cd3ea7d9ffef",
        "value": "thopywork.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214227",
        "to_ids": true,
        "type": "domain",
        "uuid": "70610732-8136-4917-962a-f525b3a5dd3d",
        "value": "regioncheck.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214249",
        "to_ids": true,
        "type": "hostname",
        "uuid": "64b8b201-e5df-438c-8b6b-3bd6db76b1d2",
        "value": "vscode-config.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214270",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c612d791-0322-457e-82df-ff0ddbe93f14",
        "value": "vscode-helper171-ruby.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214291",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2496fa94-9fbe-4c5c-8199-5b450043d80e",
        "value": "isvalid-regions.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214312",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4089e742-bf01-4cab-8456-9977bae944c9",
        "value": "vscode-config-setting.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214333",
        "to_ids": true,
        "type": "hostname",
        "uuid": "412a5164-3399-46b2-b0f9-947c5b4fbb4e",
        "value": "vscode-settings-config-md.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214354",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3ef1c52b-08c6-4881-969f-f2c4c8536361",
        "value": "default-configuration.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214375",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e8062a42-3b16-489d-b01c-51572f1f62f7",
        "value": "ext-checkedin.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777214396",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1bebeec7-babb-4f90-bafc-af31528eae53",
        "value": "data-kappa.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779544255",
        "uuid": "e06558fa-b91d-45e8-99d4-a0b791968ff8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779544254",
            "to_ids": true,
            "type": "md5",
            "uuid": "cea80678-8c92-4663-a69a-94c9c607afae",
            "value": "a12957e7627cb19fba2a4b155f7258b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779544254",
            "to_ids": true,
            "type": "sha1",
            "uuid": "76a7be4a-82aa-4a1a-a31f-d8ee5fafa72d",
            "value": "78be1ea752622c75fd5c636abc2e6e7a51484323",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779544255",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08e6feac-007c-4ec6-9505-0324d774ea59",
            "value": "23e37cf4e2a7d55ed107b3bc3eb7812a0e3d8f90b23b0c8f549d5c10d089a2c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777212435",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b46db48a-08d5-4c6e-a8d8-1c2293429c61",
            "value": "24:NHbGfHbQaHSMHeHMyBUS8yZMhiPDUP9zo84nBp5W7YGiyY:NqIXY9sDeJY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777212435",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c85011b2-5f3b-4f07-80bd-2dd5eff58ae3",
            "value": "1222"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777212435",
            "to_ids": true,
            "type": "filename",
            "uuid": "086b50c8-563a-4dc6-8c04-d16b5d7113ba",
            "value": "temp_auto_push.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2026\nLast-scan\t:  25/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777212435",
            "to_ids": false,
            "type": "text",
            "uuid": "6a109daf-753d-44a2-a862-37d0ce298eb0",
            "value": "Type Description: DOS batch file\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:7/61\nFirst Submission:2026-02-12T21:21:37.000000+00:00\nLast Submission:2026-04-17T02:05:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779544257",
        "uuid": "184db547-7114-4bc7-b8ab-4008f8a0f3e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779544256",
            "to_ids": true,
            "type": "md5",
            "uuid": "f44b113b-390b-45c8-99ac-3e45418a6291",
            "value": "4698540a37ca1dc0a6985de696f72b12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779544257",
            "to_ids": true,
            "type": "sha1",
            "uuid": "31240e94-f30e-44af-bfc0-fade7d5ac12a",
            "value": "0ea77abb1382ea15d243507e5cc922dab91c7d71",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779544257",
            "to_ids": true,
            "type": "sha256",
            "uuid": "654143a9-8457-40eb-a2af-125c8c3ba10c",
            "value": "834a92277f1bd82d4d473ac0aa2ddb23208a3a8763a576b882e7326c42bc5412",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777212457",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fbec50db-0489-4308-bd11-171013947a26",
            "value": "24:kHbGKHbQJHSvHNHLygU9fGZyUMMPps9iUKc1eo4n+9Jn5W7Y4yL:Y58SQycwAbL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777212457",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "69a00e3c-e02f-4a5b-b5ba-46d72ad98db2",
            "value": "1246"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777212457",
            "to_ids": true,
            "type": "filename",
            "uuid": "5cb55418-0bf4-47b3-8a0d-0b42246d5e73",
            "value": "temp_auto_push.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2026\nLast-scan\t:  25/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777212457",
            "to_ids": false,
            "type": "text",
            "uuid": "15705a54-ffc8-4e47-8514-745365045ae6",
            "value": "Type Description: DOS batch file\nMicrosoft: None\nVT Total Detection:7/61\nFirst Submission:2026-03-14T04:47:43.000000+00:00\nLast Submission:2026-04-02T09:55:43.000000+00:00"
          }
        ]
      }
    ]
  }
}