{
  "Event": {
    "analysis": "1",
    "date": "2026-04-10",
    "extends_uuid": "",
    "info": "[Threat Intel] ASO RAT: Arabic-Language Android Surveillance Platform Targeting Syria",
    "protected": false,
    "publish_timestamp": "1776462981",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1776462981",
    "uuid": "3e08d867-e868-4788-b167-ba298c1663b6",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#9edfba",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#82eae0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#91649a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#88559b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Botnet - T1584.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#37ffb5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#170059",
        "local": false,
        "name": "rectifyq:topic=\"mobile-attack\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1481.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1629.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1509\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"One-Way Communication - T1481.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1512\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Syria\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776135624",
        "to_ids": false,
        "type": "link",
        "uuid": "0e78b827-4382-4fde-aa14-339b78dbc32f",
        "value": "https://intel.breakglass.tech/post/aso-rat-arabic-android-surveillance-platform-syria",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776135624",
        "to_ids": false,
        "type": "text",
        "uuid": "bf3bdf91-f804-41c4-bc43-2e427a43c9c6",
        "value": "ASO RAT is a custom Android Remote Access Trojan featuring comprehensive device compromise capabilities including SMS interception, camera access, GPS tracking, call logging, file exfiltration, and DDoS functionality. Operating from Frankfurt-based infrastructure with connections to Syria, the platform disguises itself as PDF readers and Syrian government applications. Investigation revealed two active C2 servers, four DDNS domains, eight malicious APK samples with the newest achieving 0/66 antivirus detections, and complete reverse-engineered panel architecture exposing 21 API endpoints. The multi-user panel with role-based access control suggests RAT-as-a-Service operations. Infrastructure includes historical VPS providers and Starlink satellite connections geolocated to Syria. The developer's Arabic-language interface and Syria-themed lures indicate targeting of opposition figures, journalists, and military personnel within the Syrian conflict theater."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776135624",
        "to_ids": false,
        "type": "text",
        "uuid": "faed8a79-283b-4ccb-a710-63d099ab29fe",
        "value": "Name: ASO RAT: Arabic-Language Android Surveillance Platform Targeting Syria\nAuthor: AlienVault\nAdversary: \nTags: [\"apk-builder\", \"arabic-language\", \"c2-infrastructure\", \"ddns\", \"cve-2023-44487\", \"surveillance\", \"cve-2025-23419\", \"android\", \"syria\", \"rat-as-a-service\", \"aso rat\", \"rat\", \"mobile-malware\"]\nTargeted countries: []\nMalware families: [\"ASO RAT\"]\nAttack_ids: [\"T1587.001\", \"T1204.002\", \"T1566.002\", \"T1583.001\", \"T1583.003\", \"T1584.005\", \"T1547.001\", \"T1498\"]\nIndustries: [\"Government\", \"Media\", \"NGO\", \"Defense\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776400919",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9d2a200f-01ee-49ce-812c-80ad5a2bd325",
        "value": "45.74.4.179",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776400940",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cf5413b7-6aab-4894-9fae-e33e9c56d3f6",
        "value": "88.3.137.237",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
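        "comment": "Appears only in the source pulse tag list; this event does not state whether the CVE is exploited by the malware or relates to the operators' own servers. Confirm against the linked report before acting on it.",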
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776135624",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "9808bd2b-704f-4367-98ef-bbea905e819c",
        "value": "CVE-2023-44487"
      },
      {
        "category": "External analysis",
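        "comment": "Appears only in the source pulse tag list; this event does not state whether the CVE is exploited by the malware or relates to the operators' own servers. Confirm against the linked report before acting on it.",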
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776135624",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "f68bc9e1-4435-4f68-bb21-5fbd957cf1cd",
        "value": "CVE-2025-23419"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776400961",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c6a231bb-a974-41f9-b0ec-5c1ffdba078b",
        "value": "129.224.206.195",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776400982",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fdb8a117-30e1-4ecc-8ac1-b74a59bb1cc6",
        "value": "129.224.207.215",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401004",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3041e5bf-5b6f-4940-aba4-2422afc0e696",
        "value": "172.111.200.133",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401025",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "95aa0581-ccd3-4ddf-b244-78a354cd173d",
        "value": "216.128.9.226",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401046",
        "to_ids": true,
        "type": "url",
        "uuid": "b8e81e45-a90f-4984-9925-ef4792c55745",
        "value": "http://172.111.200.133:8080/admin/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401067",
        "to_ids": true,
        "type": "url",
        "uuid": "c1794bc9-9054-4d17-afd9-a9c04108c78f",
        "value": "http://172.111.200.133:8090",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401088",
        "to_ids": true,
        "type": "url",
        "uuid": "29f0d29f-aa59-40d3-a8c8-ff680ca1ec2a",
        "value": "http://172.111.200.133:8090/login",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401109",
        "to_ids": true,
        "type": "url",
        "uuid": "05d2abc7-7659-4a66-91fa-1e8b2de7f9c4",
        "value": "http://45.74.4.179:3000/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401131",
        "to_ids": true,
        "type": "url",
        "uuid": "edf50fbe-1a87-4bcc-9b32-296844cb898f",
        "value": "http://45.74.4.179:8080/admin/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401152",
        "to_ids": true,
        "type": "url",
        "uuid": "70142005-e3ac-4df0-885c-81c85a18db45",
        "value": "http://45.74.4.179:8090/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401173",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c3b87d92-d1c1-4a91-84fa-34ad632f5852",
        "value": "aso.ddns.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401194",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d4ecb548-8fb3-403c-8aa1-f881f12e94e3",
        "value": "c-pdf.ddns.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401215",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c8659987-f6be-44e2-bc37-b834d633e761",
        "value": "livemap-back.ddns.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401236",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b91afbfe-21b5-4ae5-baed-8b5a9743260b",
        "value": "new-pdf.ddns.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401258",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "618d9ce6-27fb-440c-b823-01e36588f632",
        "value": "136.144.35.16",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
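        "comment": "Looks like a hosting provider's primary domain rather than attacker-controlled infrastructure; with to_ids set it can match unrelated traffic. Verify against the source report before exporting to blocklists or IDS rules.",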
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776401279",
        "to_ids": true,
        "type": "domain",
        "uuid": "d8ab402a-3719-4b1a-acba-b51bc95c7bc9",
        "value": "latitude.sh",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
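        "comment": "The event gives no context for this address (sender, registrant or provider contact). Verify its role in the source report before using it for mail-based detection.",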
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776352004",
        "to_ids": true,
        "type": "email-src",
        "uuid": "d4e01d86-a1c6-457b-b052-b3c6a81ac742",
        "value": "admin@pointtoserver.com"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401301",
        "uuid": "7e884e25-9d88-499c-9801-6d23f19ee501",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401301",
            "to_ids": true,
            "type": "md5",
            "uuid": "c1f21f16-3d58-455c-933a-e55f355fc09e",
            "value": "31514358bf684a1e466a9e8069c11031",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399308",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ad064a15-80fb-4547-8205-093882d2771b",
            "value": "71e292745c4d86ef0d5c69b724d93379915dab15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399308",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b0cfc072-d655-4989-9e9a-395aaad5ac56",
            "value": "39901ffa746a6f6ac3de2b36d9e61e0d60b221f4d9510436fd3cb3d2d7362130",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398104",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "45775f13-4283-4bb7-96af-9d0863e3b42a",
            "value": "196608:0lS8A1d2Dzj8ORCWEEtit462b1ISD3YiFgNxqjX/aK+JBW/X2XBS3e2bo+2:0RA1wDzRuEosbewmNxQXC16/X2REe2b6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398104",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18e654d4-6118-419b-b603-9fdf8db0c0c8",
            "value": "11142887"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398104",
            "to_ids": true,
            "type": "vhash",
            "uuid": "60f3aab6-3df6-47af-82be-575f8e17fa13",
            "value": "b5f8b0c874de7227e9bc8ca7e9e8bd8e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398104",
            "to_ids": true,
            "type": "filename",
            "uuid": "2bc4ddbb-e500-467f-bcbd-f985ae0b7618",
            "value": "39901ffa746a6f6ac3de2b36d9e61e0d60b221f4d9510436fd3cb3d2d7362130.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast scan: 16/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398104",
            "to_ids": false,
            "type": "text",
            "uuid": "a566cfa5-1981-4254-a087-7355ffd5b349",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection: 14/68\nFirst Submission: 2025-07-26T02:15:16.000000+00:00\nLast Submission: 2026-04-15T12:56:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401322",
        "uuid": "67d2c0ba-fdc9-4aca-9114-12ecce25c64e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401322",
            "to_ids": true,
            "type": "md5",
            "uuid": "97587917-da34-403a-bfcc-682d6f41bea4",
            "value": "b3e706ba673cfeb9d205fb97b0ac624c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399308",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5e9d8320-18d8-4911-bded-030da56d8201",
            "value": "75411f2075bfd2259ccede39c3e559864c77e785",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399309",
            "to_ids": true,
            "type": "sha256",
            "uuid": "442bad83-6666-4650-a6e5-599fd568ab88",
            "value": "ee90df061740b8cf0cdce8dba04ff34c205adf3271695e5310d04723dd9a2a47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398126",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cf5cf268-c29c-4bfa-b21b-3c9f8bb4841e",
            "value": "196608:gomVWQ0EYHkolZzy8C5LozvbDfhoBboSUaurEC4nvwww:DmYQzqPlU19m/fhoBbaY7Y"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398126",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "15d01bbb-0fda-4ff2-bb76-9a650bb64fd4",
            "value": "11406381"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398126",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae967c43-9d1f-4794-a7b4-a93fd0e6d763",
            "value": "d9297966bf2f6c175f6c3fe7e5174c90"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398126",
            "to_ids": true,
            "type": "filename",
            "uuid": "a85dfcab-776b-49e8-a1b1-b4f02ce7fa9f",
            "value": "c-pdf.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast scan: 17/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398126",
            "to_ids": false,
            "type": "text",
            "uuid": "c79f68ac-62ba-4954-826d-0266373418ce",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:18/66\nFirst Submission:2025-10-15T12:48:55.000000+00:00\nLast Submission:2025-10-15T13:07:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401343",
        "uuid": "ca4f2b6c-3751-4d9a-b1c3-1cb8b7b9c7bf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401343",
            "to_ids": true,
            "type": "md5",
            "uuid": "9246ccd3-db51-4a81-a9c8-f916807a2abe",
            "value": "c3315d582e71412e830e019d036d811d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399309",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d122c3f-b923-4e35-b326-a2395b9562f2",
            "value": "85801125db56d750d1136c0c9700ea6a6052f80f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399309",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db660558-78ea-4e44-948a-971a9cc6363a",
            "value": "86ebb2e4384e3c0d4aa973c07c1d237e3f4042c773f4b2aa5fcd19d8f7383172",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398147",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8b6f6adc-ec86-472a-8e45-6b35ca1b0934",
            "value": "196608:RfrokwDZXoRoqeZ0EYHkolZzy8C5LozvbDfhpBboSUaurEC4nvwdWF:ZokKwohZzqPlU19m/fhpBbaY7LF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398147",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dacaf547-a0de-4834-8edc-73abd672d7a5",
            "value": "11407657"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398147",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6978c7f0-96aa-4525-9c2e-28138a32f445",
            "value": "d9297966bf2f6c175f6c3fe7e5174c90"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398147",
            "to_ids": true,
            "type": "filename",
            "uuid": "e1ef5f3f-08ab-4444-a146-71ae16bd5550",
            "value": "86ebb2e4384e3c0d4aa973c07c1d237e3f4042c773f4b2aa5fcd19d8f7383172.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast-scan\t:  16/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398147",
            "to_ids": false,
            "type": "text",
            "uuid": "14c995fe-11b3-4bad-9760-26ca57c2e8c0",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:23/69\nFirst Submission:2025-12-09T04:36:18.000000+00:00\nLast Submission:2025-12-09T04:36:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401364",
        "uuid": "6ddb33b3-3631-40ea-a116-ef0db1198e93",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401364",
            "to_ids": true,
            "type": "md5",
            "uuid": "95e33b6a-ae0b-40fb-80e2-9bd931c78bec",
            "value": "4447efc903329f4916656a99161c7725",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399311",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32630a50-1be1-43c1-82be-60df5dcdbfa9",
            "value": "366b830464c0d609b94f8f2f460ac37474eabf67",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399311",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9628f302-498a-4038-9b6d-4c3c1ba9eefa",
            "value": "050537a47b5463e96a9f3e7ba79c607017faceeb668cef8aa1d5e11a19ff4990",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398169",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0ade36f8-a7fe-476f-a2e7-0ee857caabf6",
            "value": "786432:Qx8hpRVAgfsVI0mke75jT0ZfR7LzfvfWyYEL9aoW56k1mApPfjO72Qm/fvpJc:jf9R5fyYLT1Y72QsJc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398169",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f21b4b88-2d54-4937-abf2-42f864401ce8",
            "value": "87819084"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398169",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d312be5-a89b-4fb4-8403-097b74af3eb0",
            "value": "cdff991bce34df66732061467cba098c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398169",
            "to_ids": true,
            "type": "filename",
            "uuid": "6327a1d2-cb59-46ca-85ec-96277d6eb189",
            "value": "050537a47b5463e96a9f3e7ba79c607017faceeb668cef8aa1d5e11a19ff4990.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast-scan\t:  15/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398169",
            "to_ids": false,
            "type": "text",
            "uuid": "18632d93-30ce-4c63-8090-6f90981395b6",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:14/68\nFirst Submission:2025-09-25T17:10:01.000000+00:00\nLast Submission:2026-04-15T12:55:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401385",
        "uuid": "4093dd92-8762-41e9-b296-01964aaa172a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401385",
            "to_ids": true,
            "type": "md5",
            "uuid": "af3e6622-7ef7-4698-84c3-a7d0a5cc1af5",
            "value": "5e1b9510fb8357bd6df4fb69a94f2626",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399311",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2414c8a4-ad9d-4122-aa86-6a676713e31e",
            "value": "b2e77314113ac3703f934b434f9b153ec61cd77a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399312",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bb392c0b-ca0b-4b3d-ad97-7f920bf7c1ec",
            "value": "2eda2c838ea696f6ab1e74d2a1fa3c265234a32416a666f0efa3d065d0185552",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398191",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1b79ff2-840d-4d22-9e08-fd9e080871fb",
            "value": "393216:H2Ifu8Wo34IjgF/m6RQibz6KWBVWAfKCGmcCn9zqPl519m/fhZBbM0g7:m034IjIz6iaKQBPcC92Hm/f5g0g7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398191",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "44a9a44c-1041-42f9-8019-7853d87591fc",
            "value": "22228117"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398191",
            "to_ids": true,
            "type": "vhash",
            "uuid": "268ece82-fa36-44e6-8a61-8ba428e7995d",
            "value": "59c4d3fa57fe5953aeaa3b9783cfbacd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398191",
            "to_ids": true,
            "type": "filename",
            "uuid": "62acf8d3-98ce-4399-bace-e4e65c8ca100",
            "value": "C-PDF_1.0.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast-scan\t:  17/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398191",
            "to_ids": false,
            "type": "text",
            "uuid": "b5ac6267-aeb7-455a-b157-9a7b14971123",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:10/68\nFirst Submission:2026-03-04T03:11:29.000000+00:00\nLast Submission:2026-04-17T00:27:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401407",
        "uuid": "6903db85-6876-4d82-a330-194010cd0e99",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401407",
            "to_ids": true,
            "type": "md5",
            "uuid": "4cb4a999-9539-4a6d-9606-3553427c1574",
            "value": "2632d7f26f9bbc02d11640c4a109bcf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399313",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8144d78d-9b1c-40a0-8d06-8319f8365a5f",
            "value": "ae447ea4f5a73f4d918767dca673a2774a313e9c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399313",
            "to_ids": true,
            "type": "sha256",
            "uuid": "14f64db5-558e-4e9b-95af-fd74e51e692c",
            "value": "3b5adb76e37e4cc999e281068d1f3e6f82cab8055c6b46c2e6de1b6ea8499a7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398212",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "400a6488-beae-4e7c-a553-be2f69627732",
            "value": "786432:fKTXx8hpRVAgfsVI0mke75jT0ZfR7LzfvfWyYEL9aoW56k1mApPfjO52Qm/fiJU9:iTef9R5fyYLT1Y52QzJW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398212",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7df5d719-6477-4858-9b9e-c22770be2006",
            "value": "87404292"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398212",
            "to_ids": true,
            "type": "vhash",
            "uuid": "138519dd-3c6a-4369-aeb8-0b870e926dc7",
            "value": "ea1d10475f78b3fa92982eec0c37269e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776398212",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b0092c7-70cb-4b47-a5ce-0bd2d703b87b",
            "value": "3b5adb76e37e4cc999e281068d1f3e6f82cab8055c6b46c2e6de1b6ea8499a7e.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast-scan\t:  11/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398212",
            "to_ids": false,
            "type": "text",
            "uuid": "d1b42876-0862-4a8b-95b2-60ed54505dc2",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:9/68\nFirst Submission:2025-07-28T09:37:33.000000+00:00\nLast Submission:2025-07-28T09:37:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776401428",
        "uuid": "e3e1ffa7-faa8-4203-8413-6cc79db8aa55",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776401428",
            "to_ids": true,
            "type": "md5",
            "uuid": "6486ead0-4840-41ed-847b-c099a123f173",
            "value": "e54de017a7a93487d1ce50cb89676556",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776399314",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ac61bf14-ddb0-481d-bb5d-b04c9d670147",
            "value": "cceb2ecb340e343ca878bdf65d67bebdc9d4d1ba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776399314",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e8a34e97-f1fc-4288-8380-ba702ff9546e",
            "value": "ffcfee12bd160dc67f9b0fbd4462e46e5932840297c611ad2646139295ea019c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776398234",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "21396a50-178b-4682-8c7a-f103269c606a",
            "value": "786432:Qx8hpRVAgfsVI0mke75jT0ZfR7LzfvfWyYEL9aoW56k1mApPfjO72Qm/fvpJu:jf9R5fyYLT1Y72QsJu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776398234",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f8e3a6a5-d982-42f3-aa9e-4af0a76f7d69",
            "value": "87819084"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776398234",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eadcc23a-6791-46b9-a91a-5bd045378590",
            "value": "cdff991bce34df66732061467cba098c"
          },
          {
            "category": "Other",
            "comment": "Checked: 17/04/2026\nLast-scan\t:  12/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776398234",
            "to_ids": false,
            "type": "text",
            "uuid": "ea1bde74-82d9-4713-9acc-25467c416298",
            "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:11/67\nFirst Submission:2025-09-14T07:37:55.000000+00:00\nLast Submission:2025-09-14T07:37:55.000000+00:00"
          }
        ]
      }
    ]
  }
}