{
  "Event": {
    "analysis": "1",
    "date": "2026-03-20",
    "extends_uuid": "",
    "info": "[Threat Intel] \u201cSay My Name\u201d: How MioLab is building MacOS Stealer Empire",
    "protected": false,
    "publish_timestamp": "1779546346",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1779546346",
    "uuid": "5b7c96e9-0252-4c03-bdd3-240bf79ec517",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#ed66f6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"",
        "relationship_type": ""
      },
      {
        "colour": "#77a4ec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"",
        "relationship_type": ""
      },
      {
        "colour": "#838eb9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keychain - T1555.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#3909cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
        "relationship_type": ""
      },
      {
        "colour": "#89bea3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"AppleScript - T1059.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#f95f85",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#c84641",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"GUI Input Capture - T1056.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7628f7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Unix Shell - T1059.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003f",
        "local": false,
        "name": "rectifyq:sub-category=\"tool-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#680082",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"MacOS\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500cd",
        "local": false,
        "name": "rectifyq:detection-rules=\"sigma-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#3600cf",
        "local": false,
        "name": "rectifyq:detection-rules=\"snort-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777950044",
        "to_ids": false,
        "type": "link",
        "uuid": "d8b7588f-fe0f-44af-a0f8-ac3b937c82fa",
        "value": "https://www.levelblue.com/blogs/spiderlabs-blog/say-my-name-how-miolab-is-building-macos-stealer-empire",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777950044",
        "to_ids": false,
        "type": "text",
        "uuid": "06947215-ecb5-4400-873d-3c03ae7c52fa",
        "value": "MioLab, also known as Nova, is a sophisticated Malware-as-a-Service platform targeting macOS environments, heavily advertised on Russian-speaking underground forums. The platform features extensive data exfiltration capabilities, including browser credential theft, cryptocurrency wallet targeting (supporting over 200 browser extensions and 50+ desktop wallets), and a premium module specifically designed to compromise Ledger and Trezor hardware wallets by intercepting 24-word BIP39 recovery seed phrases. The lightweight C-based payload supports both Intel and Apple Silicon architectures across macOS versions from Sierra to Tahoe. MioLab employs sophisticated social engineering through customizable DMG builders with live preview features, fake system prompts, and ClickFix integration. Recent updates demonstrate rapid development, including Safari cookie grabbing, automated Apple Notes decryption, and universal hardware wallet modules. The operation utilizes bulletproof hosting services and shares infrastruct..."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777950044",
        "to_ids": false,
        "type": "text",
        "uuid": "736e9985-686c-4822-b491-7693704f48b7",
        "value": "Name: \u201cSay My Name\u201d: How MioLab is building MacOS Stealer Empire\nAuthor: AlienVault\nAdversary: MioLab\nTags: [\"macos stealer\", \"clickfix\", \"maas platform\", \"cryptocurrency theft\", \"bulletproof hosting\", \"miolab\"]\nTgtd countries: []\nMlwr families: [\"MioLab\", \"SUPERNOVA - S0578\"]\nAttack_ids: [\"T1113\", \"T1539\", \"T1114\", \"T1555.001\", \"T1204.002\", \"T1566.002\", \"T1119\", \"T1059.002\", \"T1005\", \"T1140\", \"T1555.003\", \"T1552.001\", \"T1041\", \"T1056.002\", \"T1059.004\", \"T1078\", \"T1027\", \"T1567.002\", \"T1564.003\", \"T1027.002\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777950044",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "0d5c4e3e-5ace-4174-b73f-670136c7e9a5",
        "value": "MioLab"
      },
      {
        "category": "Network activity",
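        "comment": "Review note: http.host is also the name of a Suricata rule keyword, so this value was probably extracted from a detection rule in the source report rather than observed as a domain; confirm before exporting it with to_ids set.",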
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778623985",
        "to_ids": true,
        "type": "domain",
        "uuid": "16c37a9c-a4c3-4d18-90b1-77cc1cabc89f",
        "value": "http.host",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624006",
        "to_ids": true,
        "type": "domain",
        "uuid": "bf78a38d-26b8-43f3-9971-e4c66cc48c3d",
        "value": "marinemember.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624027",
        "to_ids": true,
        "type": "domain",
        "uuid": "4bb22fb2-5435-48cd-ae23-8fef6bd4eea1",
        "value": "officerelaxation.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624048",
        "to_ids": true,
        "type": "domain",
        "uuid": "60a53ece-adf0-42db-a50f-6435e4e4ff32",
        "value": "approve-me.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624069",
        "to_ids": true,
        "type": "domain",
        "uuid": "3867c411-bd2d-4aad-a49b-cde33421d4f6",
        "value": "decodecybercrime.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624090",
        "to_ids": true,
        "type": "domain",
        "uuid": "2e7d64ed-0a0a-4438-b270-eedb25008238",
        "value": "mioisiskwowiwjowuwjwolab.club",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624111",
        "to_ids": true,
        "type": "domain",
        "uuid": "279cb402-f0f1-44af-a94f-9a5403903584",
        "value": "zynce.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624133",
        "to_ids": true,
        "type": "domain",
        "uuid": "c4471473-05fa-469f-b9a0-9198de8e4896",
        "value": "playavalon.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624154",
        "to_ids": true,
        "type": "domain",
        "uuid": "1e9dcb78-e05e-4bdc-bff7-bdcc3e9d11fd",
        "value": "socifiapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624175",
        "to_ids": true,
        "type": "url",
        "uuid": "5d7776e3-e91e-45e2-a59f-717f25dec841",
        "value": "https://socifiapp.com/api/reports/upload",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624196",
        "to_ids": true,
        "type": "domain",
        "uuid": "20771daf-971a-4344-ad5d-92b14cc24e98",
        "value": "command-confirm.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624217",
        "to_ids": true,
        "type": "domain",
        "uuid": "a184d057-17e0-448e-a99b-a7d4b4455bc0",
        "value": "approvecommand.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546346",
        "to_ids": true,
        "type": "md5",
        "uuid": "67832325-57ad-4572-9912-1c537db98a92",
        "value": "822c45a52cad26af77ea25f121724999",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624238",
        "to_ids": true,
        "type": "url",
        "uuid": "af86801c-9bac-44ea-82ed-5136a6cd4e3f",
        "value": "http://mioisiskwowiwjowuwjwolab.club/login",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624259",
        "to_ids": true,
        "type": "url",
        "uuid": "b087a30e-b2cd-495b-89ba-bee894844f60",
        "value": "https://bruceketta.space/posts/nova-script-251110/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
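        "comment": "Review note: the URL path reads like a published investigation write-up, so this may be a reference cited by the source report rather than attacker infrastructure; confirm before using it for blocking or alerting.",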
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624280",
        "to_ids": true,
        "type": "url",
        "uuid": "10e888ad-8c27-4772-b9a7-c929c15f312b",
        "value": "https://decodecybercrime.com/mapping-defhost-an-investigation-into-femo-it-solutions-limited-as214351/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624301",
        "to_ids": true,
        "type": "url",
        "uuid": "89b2dce3-58f0-4ff5-945c-39b64c65b670",
        "value": "https://socifiapp.com",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624322",
        "to_ids": true,
        "type": "domain",
        "uuid": "3ed23860-c152-47d5-93ba-971715b790da",
        "value": "adjustservices.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624343",
        "to_ids": true,
        "type": "domain",
        "uuid": "3e06aee2-631d-4e2a-a632-1e94a5dd8637",
        "value": "approvalmechanism.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624364",
        "to_ids": true,
        "type": "domain",
        "uuid": "0d0ac24c-97bf-4a96-991b-7db7a096a766",
        "value": "automatic-approval.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624385",
        "to_ids": true,
        "type": "domain",
        "uuid": "66a87763-268d-4cda-8c4b-530d4a12f35f",
        "value": "blindsettlement.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624407",
        "to_ids": true,
        "type": "domain",
        "uuid": "a5454958-9157-4eac-b5d0-6971230b89e2",
        "value": "bothnationaldomainzones.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624428",
        "to_ids": true,
        "type": "domain",
        "uuid": "09e4e65c-4434-4e9d-8c61-ce19bddc0759",
        "value": "bruceketta.space",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624449",
        "to_ids": true,
        "type": "domain",
        "uuid": "a75b967b-5e99-47f6-9d0a-836cfe49bb2c",
        "value": "bucketowlsummary.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624470",
        "to_ids": true,
        "type": "domain",
        "uuid": "8f7b0e98-34e5-4dc9-9985-99877ce4bee2",
        "value": "captainnose.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624492",
        "to_ids": true,
        "type": "domain",
        "uuid": "64a71080-9dd3-477d-bd3f-500c900e74fb",
        "value": "carrotvegetable.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624513",
        "to_ids": true,
        "type": "domain",
        "uuid": "67f9eabf-2223-4661-aad8-fa2f70f9e4f0",
        "value": "certainstoragefeel.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624534",
        "to_ids": true,
        "type": "domain",
        "uuid": "6b098e0b-a05b-4a06-b98d-f70f6fb0dd97",
        "value": "charitydome.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624556",
        "to_ids": true,
        "type": "domain",
        "uuid": "37a7ad44-e403-4135-9b13-acb9d9a7fb03",
        "value": "chopaquarium.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624577",
        "to_ids": true,
        "type": "domain",
        "uuid": "3707b932-2c7b-4239-9000-54b597b75c00",
        "value": "command-distributor.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624598",
        "to_ids": true,
        "type": "domain",
        "uuid": "b25935d9-a00e-4531-8cd2-9af43f4a2dbe",
        "value": "commerceapprove.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624621",
        "to_ids": true,
        "type": "domain",
        "uuid": "72313d25-e254-41b7-9a61-4a337b05a50f",
        "value": "confirm-protocol.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624642",
        "to_ids": true,
        "type": "domain",
        "uuid": "37c3d83b-9a52-419d-b622-bbf9c29a1a82",
        "value": "cucumbernonsense.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624664",
        "to_ids": true,
        "type": "domain",
        "uuid": "eed3851e-ab07-41c6-ad47-02eafefa1570",
        "value": "decline.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624685",
        "to_ids": true,
        "type": "domain",
        "uuid": "f6c20a56-6895-47b3-acb6-f00dc2ebdb3c",
        "value": "displacehaircut.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624706",
        "to_ids": true,
        "type": "domain",
        "uuid": "58794e8b-07d2-4d10-bcc4-53f3583826fe",
        "value": "establishtransmission.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624727",
        "to_ids": true,
        "type": "domain",
        "uuid": "513b26a8-7c80-4647-add4-0e11bcbc9170",
        "value": "flexiblefinger.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624748",
        "to_ids": true,
        "type": "domain",
        "uuid": "08616401-6bd1-49ef-98f4-b92c93e788a6",
        "value": "formalpyramid.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624769",
        "to_ids": true,
        "type": "domain",
        "uuid": "4a0f954f-ea10-481f-826d-2d8ce47804fd",
        "value": "frontbottle.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624790",
        "to_ids": true,
        "type": "domain",
        "uuid": "274f0a01-6163-4e64-af04-2bc5481a88b7",
        "value": "frozenlilytaxi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624811",
        "to_ids": true,
        "type": "domain",
        "uuid": "6ff615c1-be16-4b9a-ad6f-373769886239",
        "value": "horsemanufacturer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624833",
        "to_ids": true,
        "type": "domain",
        "uuid": "6dc50299-8ee9-4c36-a256-fe1788c5fd7f",
        "value": "importantsquash.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624854",
        "to_ids": true,
        "type": "domain",
        "uuid": "25cb945a-5b4d-4081-ba93-19b1e03db30a",
        "value": "insightvariety.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624875",
        "to_ids": true,
        "type": "domain",
        "uuid": "ce4a2baa-dea6-4b01-a3ef-0a75149c8a01",
        "value": "itemvalidation.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624897",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed43fc17-882e-48ae-89b4-d9c01e313da0",
        "value": "macosdev.world",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624918",
        "to_ids": true,
        "type": "domain",
        "uuid": "962886e2-46b5-4b0f-96b1-412407cf8739",
        "value": "memorialapetite.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624939",
        "to_ids": true,
        "type": "domain",
        "uuid": "6928c964-ee5c-4b04-a345-0bd05ee936de",
        "value": "ovalresponsibility.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624960",
        "to_ids": true,
        "type": "domain",
        "uuid": "2619fe9b-37df-4643-bbc7-a41e2fc78b45",
        "value": "owqkoqoqoqoqoqqoqoo.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778624982",
        "to_ids": true,
        "type": "domain",
        "uuid": "d244c741-8bcb-4023-a278-13e1fe40b542",
        "value": "peaceofmindzone.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625003",
        "to_ids": true,
        "type": "domain",
        "uuid": "4e1c6948-b775-45ca-a687-fb05131344bd",
        "value": "registrationprotocol.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625024",
        "to_ids": true,
        "type": "domain",
        "uuid": "34d055ae-09fe-452b-a396-1598b933b637",
        "value": "respectableneedle.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625045",
        "to_ids": true,
        "type": "domain",
        "uuid": "6ae104a0-f1ec-40d3-8b47-10af2f2da41a",
        "value": "revisemodule.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625066",
        "to_ids": true,
        "type": "domain",
        "uuid": "ec17264a-5792-4a37-82b7-6b393c77a671",
        "value": "rocqwkeorkcowqkrcw.icu",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625088",
        "to_ids": true,
        "type": "domain",
        "uuid": "af8ecc3d-0a95-4e0b-83d1-eb9c7552cff4",
        "value": "sculpturecherry.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625109",
        "to_ids": true,
        "type": "domain",
        "uuid": "cd2a4cea-e79e-4dc8-a428-f7c190c28a64",
        "value": "signaturemodule.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625130",
        "to_ids": true,
        "type": "domain",
        "uuid": "c32f3772-bc4b-4937-bacc-be244287865f",
        "value": "singleenvironment.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625151",
        "to_ids": true,
        "type": "domain",
        "uuid": "d648070e-c127-484b-af7a-25283c2b5e36",
        "value": "standardpoetry.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625172",
        "to_ids": true,
        "type": "domain",
        "uuid": "ca60fe13-7f20-4ae8-8047-ee7c6da35b2a",
        "value": "stringmotivation.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625194",
        "to_ids": true,
        "type": "domain",
        "uuid": "b5eb7728-de0e-4d1b-8948-1026f4f6b910",
        "value": "structurecarry.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625215",
        "to_ids": true,
        "type": "domain",
        "uuid": "8fd3fbb2-b5b1-45ca-8e1f-073994ce4f8d",
        "value": "sunrisefootball.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625237",
        "to_ids": true,
        "type": "domain",
        "uuid": "3b9420e5-a3d6-422d-a452-5f8ee3912ead",
        "value": "talentedfrog.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625258",
        "to_ids": true,
        "type": "domain",
        "uuid": "5b4169f1-2ac5-47bf-af08-e23a9ca91d9b",
        "value": "technicalposition.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625279",
        "to_ids": true,
        "type": "domain",
        "uuid": "076c4412-4c78-484b-a918-b20d8fee4492",
        "value": "terminalconfirm.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625301",
        "to_ids": true,
        "type": "domain",
        "uuid": "db1fd39d-777c-45f6-ab5f-a5888065d2e4",
        "value": "terminalsignature.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625322",
        "to_ids": true,
        "type": "domain",
        "uuid": "48617837-f71f-4c10-90a7-12eabd620ebd",
        "value": "trackperformer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625343",
        "to_ids": true,
        "type": "domain",
        "uuid": "506d15b4-2edb-49c1-83df-f48637e6c339",
        "value": "usefuldrum.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625365",
        "to_ids": true,
        "type": "domain",
        "uuid": "8dc819e3-997f-48fe-92d8-88824882fa5a",
        "value": "weetspace.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625386",
        "to_ids": true,
        "type": "domain",
        "uuid": "95899931-2196-44c9-a2ef-170eee635059",
        "value": "welldrawer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625407",
        "to_ids": true,
        "type": "domain",
        "uuid": "8450669f-5fc6-417a-9239-e2d102eb8871",
        "value": "wheelchairmoments.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625428",
        "to_ids": true,
        "type": "domain",
        "uuid": "749431c4-3166-431c-bbb3-32cdd0245181",
        "value": "wtkqwctkow.icu",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Domains with active new MioLab login panel",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625449",
        "to_ids": true,
        "type": "url",
        "uuid": "74a19332-3cee-4d19-b49e-d0365631fc35",
        "value": "mioisiskwowiwjowuwjwolab.club/login",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Real IP of the new login panel behind CloudFlare",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625470",
        "to_ids": true,
        "type": "url",
        "uuid": "4f7e7736-cb5a-4fc0-b66f-53f9f0997c9b",
        "value": "http://196.251.107.171",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Real IP of the older login panel (currently hosting a crypto scam) behind CloudFlare",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625491",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "348d15a9-3a5c-4a64-bae0-2774e6af3107",
        "value": "196.251.107.97",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing one or more Suricata rule(s) along with version and contextual information.",
        "meta-category": "network",
        "name": "suricata",
        "template_uuid": "3c177337-fb80-405a-a6c1-1b2ddea8684a",
        "template_version": "2",
        "timestamp": "1778368778",
        "uuid": "39f1ca0d-d47f-45ff-b4c5-fcc6ec8bd70b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1778368778",
            "to_ids": false,
            "type": "comment",
            "uuid": "19df0191-7e10-4b8d-b072-c17528ae349a",
            "value": "MacOS Miolab infostealer data exfiltration"
          },
          {
            "category": "Network activity",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "suricata",
            "timestamp": "1778368778",
            "to_ids": true,
            "type": "snort",
            "uuid": "4e889d89-60a7-4720-a721-57536f99bdbf",
            "value": "alert http $HOME_NET any -> $EXTERNAL_NET any (\r\nmsg:\"MacOS Miolab infostealer data exfiltration\";\r\nflow:established,to_server;\r\nhttp.method; content:\"POST\";\r\nhttp.host; content:\"socifiapp.com\"; nocase;\r\nhttp.uri; content:\"/api/reports/upload\"; nocase;\r\nhttp.client_body; content:\"build_tag=ILoveNeko\"; nocase;\r\nclasstype:trojan-activity;\r\nsid:4201001;\r\nrev:1;\r\n)"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a Sigma rule (or a Sigma rule name).",
        "meta-category": "misc",
        "name": "sigma",
        "template_uuid": "aa21a3cd-ab2c-442a-9999-a5e6626591ec",
        "template_version": "2",
        "timestamp": "1778368814",
        "uuid": "2d0a8f4c-72e9-4604-9e60-ceb293691866",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma-rule-name",
            "timestamp": "1778368814",
            "to_ids": false,
            "type": "text",
            "uuid": "b980f0d6-cca7-41db-8886-afd9c9cbbe2f",
            "value": "MioLab - Termination of Terminal App"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1778368814",
            "to_ids": false,
            "type": "comment",
            "uuid": "a369a59d-54a9-43e0-af9f-22a02311c382",
            "value": "Detects the use of killall to terminate the Terminal application to hinder analysis."
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma",
            "timestamp": "1778368814",
            "to_ids": true,
            "type": "sigma",
            "uuid": "48b42798-0619-4886-aad6-76c99f490756",
            "value": "title: MioLab - Termination of Terminal App\r\ndescription: Detects the use of killall to terminate the Terminal application to hinder analysis.\r\nlogsource:\r\n  category: process_creation\r\n  product: macos\r\ndetection:\r\n  selection:\r\n    command_line|contains: 'killall Terminal'\r\n  condition: selection\r\nlevel: high"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a Sigma rule (or a Sigma rule name).",
        "meta-category": "misc",
        "name": "sigma",
        "template_uuid": "aa21a3cd-ab2c-442a-9999-a5e6626591ec",
        "template_version": "2",
        "timestamp": "1778368842",
        "uuid": "dd1f4447-7041-4e65-b49c-8afd78290e2c",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma-rule-name",
            "timestamp": "1778368842",
            "to_ids": false,
            "type": "text",
            "uuid": "0cd91512-54d2-496d-990b-05273e38359c",
            "value": "MioLab - Credential Verification via DSCL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1778368842",
            "to_ids": false,
            "type": "comment",
            "uuid": "383a3cb3-d315-42a6-8323-30d0edf89635",
            "value": "Detects suspicious use of dscl to verify user credentials."
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma",
            "timestamp": "1778368842",
            "to_ids": true,
            "type": "sigma",
            "uuid": "1756be02-8e6a-49c4-9c80-3858e530839f",
            "value": "title: MioLab - Credential Verification via DSCL\r\ndescription: Detects suspicious use of dscl to verify user credentials.\r\nlogsource:\r\n  category: process_creation\r\n  product: macos\r\ndetection:\r\n  selection:\r\n    image|endswith: '/dscl'\r\n    command_line|contains: '-authonly'\r\n  condition: selection\r\nlevel: critical"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a Sigma rule (or a Sigma rule name).",
        "meta-category": "misc",
        "name": "sigma",
        "template_uuid": "aa21a3cd-ab2c-442a-9999-a5e6626591ec",
        "template_version": "2",
        "timestamp": "1778368861",
        "uuid": "c7471da4-2a5a-49e6-8688-f8a68debdc7f",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma-rule-name",
            "timestamp": "1778368861",
            "to_ids": false,
            "type": "text",
            "uuid": "302f8ba1-24c6-467e-be3b-dcb059532f44",
            "value": "MioLab - Fake System Preferences Prompt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1778368861",
            "to_ids": false,
            "type": "comment",
            "uuid": "f43d7ab8-a0aa-436c-afcc-7a824d36ec48",
            "value": "Detects AppleScript commands mimicking a System Preferences password request."
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma",
            "timestamp": "1778368861",
            "to_ids": true,
            "type": "sigma",
            "uuid": "2d451a35-42a2-407a-b8c0-5e10c8ce23b0",
            "value": "title: MioLab - Fake System Preferences Prompt\r\ndescription: Detects AppleScript commands mimicking a System Preferences password request.\r\nlogsource:\r\n  category: process_creation\r\n  product: macos\r\ndetection:\r\n  selection:\r\n    command_line|contains:\r\n      - 'display dialog \"You need to configure system settings before running this application.'\r\n      - 'with title \"System Preferences\"'\r\n  condition: selection\r\nlevel: critical"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a Sigma rule (or a Sigma rule name).",
        "meta-category": "misc",
        "name": "sigma",
        "template_uuid": "aa21a3cd-ab2c-442a-9999-a5e6626591ec",
        "template_version": "2",
        "timestamp": "1778368878",
        "uuid": "bd6cee25-04b9-40ba-b8fc-20b3ea729a92",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma-rule-name",
            "timestamp": "1778368878",
            "to_ids": false,
            "type": "text",
            "uuid": "b38eeb52-1086-49a4-84b5-7410a1d65b60",
            "value": "MioLab - Data Staging and Compression"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1778368878",
            "to_ids": false,
            "type": "comment",
            "uuid": "248855ac-14ff-4da8-9fd0-bd4a6013ea28",
            "value": "Detects the use of ditto to create ZIP archives in temporary folders, a common exfiltration tactic."
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sigma",
            "timestamp": "1778368878",
            "to_ids": true,
            "type": "sigma",
            "uuid": "a0ded763-462b-423f-a836-33b0f96c7c37",
            "value": "title: MioLab - Data Staging and Compression\r\ndescription: Detects the use of ditto to create ZIP archives in temporary folders, a common exfiltration tactic.\r\nlogsource:\r\n  category: process_creation\r\n  product: macos\r\ndetection:\r\n  selection:\r\n    command_line|contains:\r\n      - 'ditto -c -k --sequesterRsrc'\r\n      - '/var/folders/'\r\n    command_line|endswith: '.zip'\r\n  condition: selection\r\nlevel: medium"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546331",
        "uuid": "56fec6b5-7ea4-41b2-b372-6ed5998a3077",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546330",
            "to_ids": true,
            "type": "md5",
            "uuid": "3a332941-fa0f-4066-bde5-2cfef0fa420e",
            "value": "2422f04227fa86a149aed35d82f9a7fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546331",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2bf834c1-ec99-4011-ba4b-84a3841f004d",
            "value": "138077b20c1886d0057983648c83deff9542a3cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546331",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b633bfca-cf95-42e4-8405-d542060cef71",
            "value": "1b38274f279c7c9aa8d45ac028b33bbf25861d706d10ecf017aa502a216cafbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621726",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "56b80784-1007-49fe-a50f-61e3bcd69ff8",
            "value": "3072:WVGOCJizimJFglzDBzKsnqjEE0UTywG4pZOM7Ds+noe9imaJHa:6GOociaFEz77x4p4AXnoe9tS6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621726",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0e28a287-ef93-46b4-9c0f-9dcd875c100b",
            "value": "458607"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621726",
            "to_ids": true,
            "type": "vhash",
            "uuid": "20976224-de2e-4db2-be1c-24b925f9116b",
            "value": "dfc947c371a90dfa3c14b313e7a0d6bf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621726",
            "to_ids": true,
            "type": "filename",
            "uuid": "532d9eb5-070a-4d6f-8c34-c2ea7a00bf4d",
            "value": "1b38274f279c7c9aa8d45ac028b33bbf25861d706d10ecf017aa502a216cafbb.dmg"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621726",
            "to_ids": false,
            "type": "text",
            "uuid": "7f7ac4b6-f7aa-417d-8903-d74ba56b6fce",
            "value": "Type Description: Macintosh Disk Image\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:27/60\nFirst Submission:2026-01-27T23:04:01.000000+00:00\nLast Submission:2026-01-29T18:40:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546334",
        "uuid": "750982f9-2a49-4c45-9b3e-a825fca05272",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546333",
            "to_ids": true,
            "type": "md5",
            "uuid": "32fb7dee-0e94-4f66-9588-0708347bd792",
            "value": "5c1cd6b18d9cdb7a682560518f0438cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546333",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d09ab724-e486-4d5b-9044-e39db97da80d",
            "value": "a8bb4b2c94187c91cd2cf62b23c2732625daff70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546334",
            "to_ids": true,
            "type": "sha256",
            "uuid": "de3e9e9c-4d9e-43ff-9277-dbd075372ee3",
            "value": "2551e64498ed723fa2b258c9134ee299308ef91c82e14b9e873fc06dddb8f3f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621748",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "abdbdff2-88f3-468c-b5eb-d1fe454936e0",
            "value": "3072:O+cOIjP8vi//Jt2bLoyPSn4D7i7YA+YlklA3vGevK4lDH37SXD3SBeNMGa:OLjP6aH2LauUvGl0H37SXK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621748",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3fe9caaa-3428-4e95-8b23-e48f76ade52c",
            "value": "458275"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621748",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f5566e5b-1afa-406b-bc05-af92067bc329",
            "value": "dfc947c371a90dfa3c14b313e7a0d6bf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621748",
            "to_ids": true,
            "type": "filename",
            "uuid": "2e67602a-58db-433d-a2e3-2227e5f92e7c",
            "value": "PolymarketAI_Install.dmg"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621748",
            "to_ids": false,
            "type": "text",
            "uuid": "d124b4d2-5966-4e66-bc5b-d0510ba3ee18",
            "value": "Type Description: Macintosh Disk Image\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:25/60\nFirst Submission:2026-02-04T21:14:56.000000+00:00\nLast Submission:2026-02-04T21:14:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546336",
        "uuid": "7d709339-5e91-457d-95c5-d00cb1856134",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546335",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfd51917-a1b9-412e-96a8-b4c43d393a4a",
            "value": "c8678739a0301fc2a46bbc7ed8629386",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546336",
            "to_ids": true,
            "type": "sha1",
            "uuid": "68e0c022-4257-4f92-8be9-c19befc5a83c",
            "value": "65c1d23ca72d3699a382632db132352784999ab8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546336",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4062acc1-23e2-4c7e-9bc1-c7bac79067ae",
            "value": "a24c82c2c4db20baef8998cb3c4935b74e83fec1a6c0e6bfcc64f4af19507b9c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621770",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c90479f4-8ffd-442a-b81b-979f4de5a1f1",
            "value": "3072:7kVGOCJizimJFgl3CyjudHdAaAJ3e+lPsBYxmFjTR7Ds+noeUH0RqqV:YGOociaFE3h69q9JwYMFj9XnoLH0Rq8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621770",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f981e00-95df-4f92-a8cc-d62eb2a8e212",
            "value": "458717"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621770",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1415c2f0-08db-4676-a44c-0e69ac7e4727",
            "value": "dfc947c371a90dfa3c14b313e7a0d6bf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621770",
            "to_ids": true,
            "type": "filename",
            "uuid": "97590287-e10a-49ee-b18a-4f1f1cd53b04",
            "value": "Setup.dmg"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621770",
            "to_ids": false,
            "type": "text",
            "uuid": "e13ac54c-fa15-4f31-ad6e-572ae58d7a37",
            "value": "Type Description: Macintosh Disk Image\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:25/60\nFirst Submission:2026-02-06T01:22:28.000000+00:00\nLast Submission:2026-02-09T05:49:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546339",
        "uuid": "7f85e8e6-57b0-43d9-a258-0c3664acfb15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546338",
            "to_ids": true,
            "type": "md5",
            "uuid": "bec41c30-df18-4d8c-b98b-27caabd4dad0",
            "value": "581f43161c591c43a3beb6d8e65b091a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546338",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cf341fc7-2537-4d43-aa22-a1316ea24420",
            "value": "521d6be1f630f4f8b21d57d1284b68ecc8fc9ad3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546339",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b75446d1-9bf3-48a0-a8a6-9da5d2e9cd85",
            "value": "2c54e32bde2960344f0270c76c9616741c2947b6f3311424b8220d8c95c3664f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621792",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0399cc86-6f29-4e48-8b6d-acf0c3fa9c8a",
            "value": "24576:AqZXoFnmLxEvRmQOnULY8yDtGrElZXoFnmLxEvRmQOnULY8yDtGrEUh+:14FnqnEqf4FnqnEq5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621792",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "334bec9c-a1f2-4704-a404-4bc704b887fb",
            "value": "6927448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621792",
            "to_ids": true,
            "type": "vhash",
            "uuid": "06b2ac84-4076-4a5b-a237-5ad9677cdf48",
            "value": "bb8cc3b2a9bacbac4cf242d4a323ecd2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621792",
            "to_ids": true,
            "type": "filename",
            "uuid": "8ba733f7-8013-49fa-9c73-a317f2a5674a",
            "value": "update"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621792",
            "to_ids": false,
            "type": "text",
            "uuid": "1c0d6ada-07f0-4e80-a6ad-88d9f3206e3f",
            "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:30/62\nFirst Submission:2026-02-19T21:08:06.000000+00:00\nLast Submission:2026-02-19T21:08:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546341",
        "uuid": "14257b18-9009-4703-bf7e-e11a98913c44",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546340",
            "to_ids": true,
            "type": "md5",
            "uuid": "50f66a6c-301e-46f5-ab9a-e4ab219f51fa",
            "value": "eeaba83f9e5a3922b02ba178c4ae445e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546341",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e494f3d1-61d0-428b-b6e9-5abc615cf14e",
            "value": "b18632cfdd732953bd5e13baba3bf11c84cc37f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546341",
            "to_ids": true,
            "type": "sha256",
            "uuid": "20052267-41c9-4659-9470-613ebd71f783",
            "value": "32c135068c2070c7821f7c7a325ab1350cc207bfba978cdc1c6f5ba0bae46e4e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621834",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a98eb3f1-022f-44bd-857c-37f1370adc04",
            "value": "3:TKH/3LIKFKuVIAHOWZKQdTNHg8RIVIAHDaFOdUAHZIAn:m3FZ4yKmkxa4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621834",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f04f9fb9-a826-460d-98e6-15ce12e2b27b",
            "value": "129"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621834",
            "to_ids": true,
            "type": "filename",
            "uuid": "231c0cb6-a521-464d-b23f-c5ff13701d95",
            "value": "out2.txt"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  07/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621834",
            "to_ids": false,
            "type": "text",
            "uuid": "fda90d6e-1fa8-4a4f-b66e-657979a01db2",
            "value": "Type Description: Shell script\nMicrosoft: Trojan:Win32/Vigorf.A\nVT Total Detection:28/60\nFirst Submission:2026-02-19T21:04:29.000000+00:00\nLast Submission:2026-02-19T21:04:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546344",
        "uuid": "b8d045fa-b205-4188-ad73-42f298e058ab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Miolab MacOS infostealer variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546343",
            "to_ids": true,
            "type": "md5",
            "uuid": "411cf5cf-69d5-459a-bba9-0db5a8ae069a",
            "value": "620e70d3246fcb75037a005684407e42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Miolab MacOS infostealer variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546343",
            "to_ids": true,
            "type": "sha1",
            "uuid": "397936ea-8b20-4c6a-becd-edac9ee075fd",
            "value": "308bddf83d95412c800af3d8fc816960d960a5fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Miolab MacOS infostealer variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546344",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3e14c88-299b-4a11-80d4-166b07915d20",
            "value": "2ad14b3c1196907ccd6ceae8414cd764de8ccb44320cbe9b7790fc44a6724776",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621856",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "68293e1f-0fd6-4aa5-b69b-ef28c5fd07d8",
            "value": "6144:F66hgxz3PLSYqTiWpSnqmd9eKJjibs00:F66hgp/F+YRaPb1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621856",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2935427b-a422-48af-bd01-ccb2df06fb71",
            "value": "458959"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621856",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d5f980a1-242f-4a7a-ab7c-14595ff153d0",
            "value": "dfc947c371a90dfa3c14b313e7a0d6bf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621856",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c0514f2-08b5-4578-9e72-226db960e87b",
            "value": "gk2u2zf.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  09/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621856",
            "to_ids": false,
            "type": "text",
            "uuid": "c98c0053-8eb6-40ff-858a-d0bc40e9fdff",
            "value": "Miolab MacOS infostealer variant\r\nType Description: Macintosh Disk Image\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:25/62\nFirst Submission:2026-02-04T20:45:08.000000+00:00\nLast Submission:2026-02-04T20:45:08.000000+00:00"
          }
        ]
      }
    ]
  }
}