{ "Event": { "analysis": "1", "date": "2026-05-06", "extends_uuid": "", "info": "[Threat Intel] ClickFix campaign uses fake macOS utilities lures to deliver infostealers", "protected": false, "publish_timestamp": "1779546837", "published": true, "threat_level_id": "3", "timestamp": "1779546837", "uuid": "8a797443-5fc5-4804-b43f-77813c7ad5e8", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#96f4f6", "local": false, "name": "misp-galaxy:producer=\"Microsoft\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#d3f567", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"", "relationship_type": "" }, { "colour": "#ed66f6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Steal Web Session Cookie - T1539\"", "relationship_type": "" }, { "colour": "#838eb9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keychain - T1555.001\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#89bea3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"AppleScript - T1059.002\"", "relationship_type": "" }, { "colour": "#68f2ff", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"", "relationship_type": "" }, { "colour": "#867a84", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Launch Daemon - T1543.004\"", "relationship_type": "" }, { "colour": "#8ed4a7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"", "relationship_type": "" }, { "colour": "#36a9d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"", "relationship_type": "" }, { "colour": "#0c0051", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"", "relationship_type": "" }, { "colour": "#f95f85", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Credentials In Files - T1552.001\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#ad5a96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#16ca73", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Location Discovery - T1614\"", "relationship_type": "" }, { "colour": "#15723e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Launch Agent - T1543.001\"", "relationship_type": "" }, { "colour": "#680082", "local": false, "name": "ms-caro-malware:malware-platform=\"MacOS\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778238032", "to_ids": false, "type": "link", "uuid": "5d896a37-9bbd-4fb2-8fd8-5dd6d22a2543", "value": "https://www.microsoft.com/en-us/security/blog/2026/05/06/clickfix-campaign-uses-fake-macos-utilities-lures-deliver-infostealers/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778238032", "to_ids": false, "type": "text", "uuid": "183a382f-ca4d-449b-8bbd-4226f50e09a1", "value": "Threat actors are leveraging ClickFix-style social engineering tactics to distribute infostealers targeting macOS users through fake system utility lures. Attackers host malicious Terminal commands on blog sites and content platforms, disguised as troubleshooting advice for macOS issues. When executed, these commands download infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. The campaign has evolved to use Terminal-based script execution that bypasses Gatekeeper verification. Three distinct campaigns employ different tradecraft, with some replacing legitimate cryptocurrency wallet applications with trojanized versions and establishing persistence through LaunchAgents and LaunchDaemons that masquerade as legitimate services." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778238032", "to_ids": false, "type": "text", "uuid": "890610e0-cfc9-40ec-bb82-0a95723ca88e", "value": "Name: ClickFix campaign uses fake macOS utilities lures to deliver infostealers\nAuthor: AlienVault\nAdversary: \nTags: [\"phantompulse\", \"infostealer\", \"shub stealer\", \"clickfix\", \"applescript\", \"macos\"]\nTgtd countries: []\nMlwr families: [\"Macsync\", \"Shub Stealer\", \"AMOS\", \"PhantomPulse\"]\nAttack_ids: [\"T1059.007\", \"T1539\", \"T1555.001\", \"T1082\", \"T1059.002\", \"T1005\", \"T1140\", \"T1036\", \"T1560\", \"T1543.004\", \"T1555.003\", \"T1087\", \"T1083\", \"T1552.001\", \"T1204\", \"T1041\", \"T1574\", \"T1027\", \"T1614\", \"T1543.001\"]\nIndustries: []" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947723", "to_ids": true, "type": "domain", "uuid": "88fed77b-9605-4387-9c74-279362b5dd97", "value": "jihiz.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947744", "to_ids": true, "type": "domain", "uuid": "c7ae0724-614f-4b8e-bfdb-56d047c3b841", "value": "kayeart.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947766", "to_ids": true, "type": "domain", "uuid": "ef5b2c11-3077-49f5-889b-62cae689a7fe", "value": "bintail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947787", "to_ids": true, "type": "domain", "uuid": "80d6bf2d-3701-40ba-aa41-13dd83c89b7b", "value": "wusetail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947808", "to_ids": true, "type": "ip-dst", "uuid": "17ec012c-dd48-4c47-80f2-a2dda9513045", "value": "45.94.47.204", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947829", "to_ids": true, "type": "domain", "uuid": "58ec2cb3-dcd7-4423-9815-8f917b11d8d9", "value": "malext.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947850", "to_ids": true, "type": "domain", "uuid": "92dd0671-91bb-4ef8-971e-6961c575e72b", "value": "miappl.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947872", "to_ids": true, "type": "domain", "uuid": "7d0deb33-bfd6-4b95-afbe-c4e2edeb2ec9", "value": "pla7ina.cfd", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947893", "to_ids": true, "type": "domain", "uuid": "5defa42c-8c5d-4691-9925-f49a0685c250", "value": "vagturk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947914", "to_ids": true, "type": "ip-dst", "uuid": "93e7b703-6418-41d3-b769-f7bc53ffeb02", "value": "38.244.158.56", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947935", "to_ids": true, "type": "domain", "uuid": "4035581c-2243-4676-bfd6-acc67e6150d4", "value": "joeyapple.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947957", "to_ids": true, "type": "domain", "uuid": "75fde035-9b6b-4e8c-a902-5be2137d8189", "value": "raxelpak.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947979", "to_ids": true, "type": "domain", "uuid": "305f161a-3c56-4c4e-ab10-19ae4505f28a", "value": "vcopp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948000", "to_ids": true, "type": "domain", "uuid": "8aa7b913-e083-4262-9589-92fad97e4b5c", "value": "octopox.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948021", "to_ids": true, "type": "ip-dst", "uuid": "a9759801-4899-4151-96ef-8bee1b776046", "value": "199.217.98.33", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948042", "to_ids": true, "type": "domain", "uuid": "af6d1580-66af-4df5-bb52-4a04dfda15e7", "value": "biopranica.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948063", "to_ids": true, "type": "domain", "uuid": "6ce8d743-3d73-44ee-9aa4-361c38aa3826", "value": "raytherrien.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948085", "to_ids": true, "type": "domain", "uuid": "35f4b0ca-c120-4090-87d4-b7ddbbd56903", "value": "boosterjuices.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948106", "to_ids": true, "type": "domain", "uuid": "9f804bae-b3d7-4564-8eec-218a999c55c0", "value": "contatoplus.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948127", "to_ids": true, "type": "domain", "uuid": "17c9e216-5bb0-45f7-b53b-af02934d6abc", "value": "coco-fun2.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948148", "to_ids": true, "type": "domain", "uuid": "e8a18b7a-3a0b-4883-b88d-64ff80d572d1", "value": "coco2-hram.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948169", "to_ids": true, "type": "domain", "uuid": "fcd0f309-1fbc-4dcb-99fe-e4d4f827bf9b", "value": "saramoftah.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948190", "to_ids": true, "type": "ip-dst", "uuid": "a956f1da-055e-45b4-9675-f5cf7138dc9d", "value": "38.244.158.103", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948212", "to_ids": true, "type": "domain", "uuid": "73e2f6c5-89ef-4247-913c-9eea92266c6d", "value": "wriconsult.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948233", "to_ids": true, "type": "domain", "uuid": "c690d58d-4da9-4f1e-8d72-48008493b19e", "value": "cleanmymacos.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948254", "to_ids": true, "type": "domain", "uuid": "142dfbde-db03-4597-8022-33661f9b0216", "value": "rapidfilevault5.sbs", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948276", "to_ids": true, "type": "domain", "uuid": "1bff6dee-f957-49b3-9899-c0e1b130eb92", "value": "res2erch-sl0ut.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948297", "to_ids": true, "type": "domain", "uuid": "fba24a11-2721-43d9-b6fa-4ae4b2ebbd4c", "value": "mentaorb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948319", "to_ids": true, "type": "ip-dst", "uuid": "96954336-cc9e-4943-8406-17c74f000322", "value": "168.100.9.122", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948340", "to_ids": true, "type": "domain", "uuid": "21b81df4-a14a-4d3a-bb1d-748d6a72c649", "value": "woupp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948361", "to_ids": true, "type": "domain", "uuid": "483fae13-1694-490c-96a9-783dfe308aa9", "value": "terafolt.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948383", "to_ids": true, "type": "domain", "uuid": "9e5e6220-991d-44ef-86c0-728bd27fa375", "value": "res2erch-sl2ut.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948404", "to_ids": true, "type": "domain", "uuid": "9ac257ab-32dc-464d-a161-4285d67e274f", "value": "milbiorb.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948425", "to_ids": true, "type": "domain", "uuid": "a8b66598-aeff-4b55-b192-f646d88df68f", "value": "metramon.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948446", "to_ids": true, "type": "domain", "uuid": "bbaab815-82aa-4ba0-8fc6-d6b4d9d1efc4", "value": "ptrei.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948467", "to_ids": true, "type": "domain", "uuid": "d79b8a9e-f3fe-46e6-83c4-cdd5cfae6efe", "value": "ejecen.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948488", "to_ids": true, "type": "domain", "uuid": "70394102-7b9b-4e01-b4e9-d5d08ba95930", "value": "beltoxer.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948509", "to_ids": true, "type": "domain", "uuid": "a8a90255-89e7-4444-b1b2-83a36d374916", "value": "mikulatur.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948530", "to_ids": true, "type": "domain", "uuid": "ffcba111-e905-4643-8bfe-6fb23e48214d", "value": "benefasts-fhgs2.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948552", "to_ids": true, "type": "domain", "uuid": "438259da-d546-4031-9e38-921e82618222", "value": "hilofet.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948573", "to_ids": true, "type": "domain", "uuid": "dfe8553c-9ffc-418d-a20d-5b999533789c", "value": "bigbossbro777.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948594", "to_ids": true, "type": "domain", "uuid": "c7d56a45-6826-4921-8507-cd2b17fcf243", "value": "hello-brothers777.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948615", "to_ids": true, "type": "domain", "uuid": "568444bd-3fb2-4a21-b697-b4bb1eae3c02", "value": "malkim.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948637", "to_ids": true, "type": "domain", "uuid": "8b2370ae-e7d8-4984-94d5-1793f77cfb3d", "value": "rvdownloads.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948658", "to_ids": true, "type": "domain", "uuid": "3f67724d-2b86-487a-8921-053fb19f650c", "value": "fastfilenext.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948679", "to_ids": true, "type": "domain", "uuid": "4bf8fc45-8e57-49e6-ab35-d8de6c4bf0fd", "value": "famiode.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948700", "to_ids": true, "type": "domain", "uuid": "2c171011-af79-40ec-9427-b037f07e14f6", "value": "joytion.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948721", "to_ids": true, "type": "domain", "uuid": "0b57ff85-cdb8-4723-847d-d969f96c9a47", "value": "stinarosen.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948743", "to_ids": true, "type": "ip-dst", "uuid": "800f51e8-895f-496b-90ae-d9676665df20", "value": "92.246.136.14", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948764", "to_ids": true, "type": "domain", "uuid": "58b62128-c336-4c30-a4ff-bc8e9d9a63f1", "value": "laislivon.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948785", "to_ids": true, "type": "domain", "uuid": "a935af9b-2e6e-4c3e-a72b-99245203c718", "value": "octopixeldate.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948806", "to_ids": true, "type": "domain", "uuid": "f0e1e150-c45e-4c6c-ba47-0c484d8463a7", "value": "pilautfile.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948827", "to_ids": true, "type": "domain", "uuid": "8e9df6bd-6ffa-495b-bfa8-1ba2d57ae2fb", "value": "mpasvw.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948848", "to_ids": true, "type": "domain", "uuid": "87d89693-83c2-4eae-9813-7625aadeccc5", "value": "aforvm.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948869", "to_ids": true, "type": "domain", "uuid": "daa45d40-5f40-4f46-a01e-4a8bb8739d06", "value": "paralegalmustang.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948892", "to_ids": true, "type": "domain", "uuid": "799cf924-c78f-401b-81ea-d43592f94d30", "value": "dryvecar.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948914", "to_ids": true, "type": "domain", "uuid": "e4048cb9-8838-4896-93e7-157d9304aa54", "value": "play67.cc", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948935", "to_ids": true, "type": "url", "uuid": "d1943556-238a-4a5a-8d9f-8cd1fde3adac", "value": "https://thickentributary.digital/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948956", "to_ids": true, "type": "domain", "uuid": "0d1bfff4-0c6d-41fb-9a96-918cb3bc322a", "value": "thickentributary.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948977", "to_ids": true, "type": "domain", "uuid": "a2537077-fb64-4c1b-ae3c-7960c3131ac0", "value": "isgilan.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778948999", "to_ids": true, "type": "domain", "uuid": "2141ea82-9ea3-4f77-844d-3c77f1f83188", "value": "pewqpeee888.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949020", "to_ids": true, "type": "url", "uuid": "c4929a88-aff9-4db7-906d-349767dba8da", "value": "https://cauterizespray.icu/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949041", "to_ids": true, "type": "domain", "uuid": "1c763900-63c3-4432-b47a-7a81f76b3552", "value": "cauterizespray.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949062", "to_ids": true, "type": "url", "uuid": "e706e507-028f-468c-a8fc-bca74e808d20", "value": "https://enslaveculprit.digital/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949083", "to_ids": true, "type": "domain", "uuid": "5a133bef-4dcf-4de9-88f5-c83499544928", "value": "enslaveculprit.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949104", "to_ids": true, "type": "domain", "uuid": "780ad09d-33c1-4bc3-b99a-a8484578e0e8", "value": "persaniusdimonica8.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949126", "to_ids": true, "type": "url", "uuid": "63c2d3a4-b23e-4cc3-ada8-dd2364f244e3", "value": "https://resilientlimb.icu/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949148", "to_ids": true, "type": "domain", "uuid": "9e3fdda6-4ed9-4ea7-ba65-f723701e0836", "value": "resilientlimb.icu", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949169", "to_ids": true, "type": "domain", "uuid": "2c0ecf76-52bf-4a10-8507-53d67363b78e", "value": "0x666.info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949191", "to_ids": true, "type": "domain", "uuid": "8293dc25-3378-4ee1-b717-37b99488747c", "value": "uk176video.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949212", "to_ids": true, "type": "domain", "uuid": "9d17b626-7cff-4774-b2b3-41ccbadfaf3b", "value": "peloetwq71.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949233", "to_ids": true, "type": "domain", "uuid": "c9dc5ec9-1817-4e3d-8d08-bd6f0d5923cd", "value": "bankafolder.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949254", "to_ids": true, "type": "domain", "uuid": "a3b62c28-b60f-4974-8c7e-ba53b944add0", "value": "we2luck.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949275", "to_ids": true, "type": "domain", "uuid": "e045d186-6530-41c2-837b-7d0f64a2e165", "value": "molokotarelka.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949296", "to_ids": true, "type": "domain", "uuid": "68fb659a-958d-4b1b-8e81-e89308bbc694", "value": "seagalnssteavens.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949318", "to_ids": true, "type": "domain", "uuid": "3892d590-0007-4a21-b942-046f1dfd6731", "value": "pelorso90la.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949339", "to_ids": true, "type": "domain", "uuid": "18580566-317e-43cb-92ef-5ca554c9c8dc", "value": "pewweepor092.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949360", "to_ids": true, "type": "domain", "uuid": "03922034-c565-47bd-88e5-7a7b6a19cdc4", "value": "arkypc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949381", "to_ids": true, "type": "domain", "uuid": "bda9aeb4-c561-41d1-a24e-8b507f1a9196", "value": "repqoow77wiqi.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949402", "to_ids": true, "type": "domain", "uuid": "4979d374-ac46-4960-9ff2-dedf0f0bc315", "value": "reews09weersus.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949423", "to_ids": true, "type": "domain", "uuid": "c0e298bb-c9b3-4964-b6f7-4eca91cea0da", "value": "perewoisbb0.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949445", "to_ids": true, "type": "domain", "uuid": "24353949-cbe1-4ff0-94bc-658f2cd2b323", "value": "stclegion.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778238032", "to_ids": false, "type": "vulnerability", "uuid": "a3641549-478f-45f4-9034-d4250a83c47a", "value": "CVE-2026-31431" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949466", "to_ids": true, "type": "domain", "uuid": "bbd56143-b5e3-4f45-9233-ee3dc5c32770", "value": "lakhov.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949487", "to_ids": true, "type": "domain", "uuid": "64512719-c475-4730-ae84-3c6f37e68054", "value": "ouilov.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949508", "to_ids": true, "type": "domain", "uuid": "31a57d34-ac6f-4f49-b22f-887211560bba", "value": "korovkamu.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949529", "to_ids": true, "type": "domain", "uuid": "bc9bc92e-bb5c-455b-b8da-b029dddba114", "value": "doqeers.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949550", "to_ids": true, "type": "domain", "uuid": "1ed448c6-627e-451b-93bd-725c31504776", "value": "round5on.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949571", "to_ids": true, "type": "domain", "uuid": "c602a338-5cd9-4a3a-9f4f-94ae2b98565b", "value": "haploadpin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949592", "to_ids": true, "type": "ip-dst", "uuid": "f2583947-47a2-4ac5-855c-6e9fc0358456", "value": "138.124.93.32", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949613", "to_ids": true, "type": "ip-dst", "uuid": "eae25dda-64eb-460b-a99a-05b2f4269acd", "value": "95.85.251.177", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949635", "to_ids": true, "type": "url", "uuid": "ace96450-e45b-4873-ba63-2693fd90548b", "value": "http://lakhov.com/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949657", "to_ids": true, "type": "url", "uuid": "1cb08b18-6bd7-4536-afef-e5fd986f5b83", "value": "http://paralegalmustang.icu/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949678", "to_ids": true, "type": "url", "uuid": "6cbfd0ca-1ab1-4ebb-8d66-4aa27c5dc74a", "value": "https://avipstudios.com/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949699", "to_ids": true, "type": "url", "uuid": "f5132d25-8e9b-496c-8af8-183d174fa914", "value": "https://joytion.com/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949720", "to_ids": true, "type": "url", "uuid": "1296d771-5455-48e6-b4a2-f6e8f05cf09f", "value": "https://kvrnjr30.apexharvestor.digital", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949741", "to_ids": true, "type": "url", "uuid": "d3bf51f2-98ca-43a2-8e87-6af2256747c1", "value": "https://laislivon.com/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949762", "to_ids": true, "type": "url", "uuid": "74087fb5-0749-44d1-a615-a28acf932a83", "value": "https://mpasvw.com/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949783", "to_ids": true, "type": "url", "uuid": "aef8273e-ca27-4447-9e3a-2f9a8e26b247", "value": "https://qjywvkbl.degassing-mould.digital", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949804", "to_ids": true, "type": "url", "uuid": "7ddf337d-b0fe-4080-8e51-aa6d9a69dd44", "value": "https://round5on.digital/script.sh", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949826", "to_ids": true, "type": "url", "uuid": "da92b242-3786-43cc-9263-d857f46dc488", "value": "https://www.iru.com/blog/atomic-stealer-amos-returns", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949847", "to_ids": true, "type": "url", "uuid": "3a339869-12de-464b-b5d5-e473ab15f9cf", "value": "https://yygp4pdh.apexharvestor.digital", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949868", "to_ids": true, "type": "url", "uuid": "c9fbff70-4653-4590-ab1b-709d075b8ddb", "value": "https://zg5mkr7q.apexharvestor.digital", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949889", "to_ids": true, "type": "domain", "uuid": "16e2cb48-e741-472f-a443-bf3f20722d81", "value": "avafex.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949910", "to_ids": true, "type": "domain", "uuid": "c46c4ca8-012e-4260-82ad-971637ebcb10", "value": "avipstudios.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949931", "to_ids": true, "type": "domain", "uuid": "aeb23809-c1f7-47a1-8f90-244da240be87", "value": "boso6ka.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949952", "to_ids": true, "type": "domain", "uuid": "2220c752-ea08-446b-82ff-90acf0635cfa", "value": "dialerformac.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949974", "to_ids": true, "type": "domain", "uuid": "f3e57bc5-ef8e-4c73-afef-6fd8147adc51", "value": "do2wers.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778949995", "to_ids": true, "type": "domain", "uuid": "2c5a9e58-6151-4108-81d4-530dfbbb8806", "value": "domenpozh.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950016", "to_ids": true, "type": "domain", "uuid": "fe8c546e-9529-40b2-93f8-6b7787e0df4e", "value": "filefastdata.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950037", "to_ids": true, "type": "domain", "uuid": "1d9c470c-4397-4a47-b3e7-953d7d4fca76", "value": "futampako.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950058", "to_ids": true, "type": "domain", "uuid": "539bbc69-daa1-42b2-b489-7d74fa5b4997", "value": "hitkrul.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950079", "to_ids": true, "type": "domain", "uuid": "8a777010-75fb-4c77-bf02-61d7d51711ce", "value": "honestly.ink", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950100", "to_ids": true, "type": "domain", "uuid": "af0404bd-f279-4c84-a8f6-4f32f23ec40d", "value": "kcbps.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950122", "to_ids": true, "type": "domain", "uuid": "a63b26b4-635c-44cc-b4e1-8d599f3e879f", "value": "kofeynayagush.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950143", "to_ids": true, "type": "domain", "uuid": "42db2ec6-73f8-4d52-8cb1-104ec869b1cc", "value": "lbarticle.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950164", "to_ids": true, "type": "domain", "uuid": "51a53855-dfa7-46e3-80e6-d294abf350e8", "value": "medoviypirog.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950185", "to_ids": true, "type": "domain", "uuid": "254e8bf4-0bf0-463e-93aa-b0effffc78c0", "value": "metlafounder.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950206", "to_ids": true, "type": "domain", "uuid": "553d9063-60cc-4115-8cfe-16bf72abf2d4", "value": "metrikcs.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950227", "to_ids": true, "type": "domain", "uuid": "7ced8e20-ced8-4503-81d0-5b4caabe341b", "value": "nibelined.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950248", "to_ids": true, "type": "domain", "uuid": "9d8edd93-10d7-4b1b-ad04-653332f7ca87", "value": "nitlebuf.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950269", "to_ids": true, "type": "domain", "uuid": "0fdffed1-f3c5-4e06-ba52-22ba2744e997", "value": "pipipoopochek6.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950291", "to_ids": true, "type": "domain", "uuid": "60d9bc55-380d-4107-a256-2bc5c54e4990", "value": "poeooeowwo777.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950313", "to_ids": true, "type": "domain", "uuid": "03f789e4-9126-4c31-876b-0be439b3984a", "value": "quantumdataserver5.homes", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950334", "to_ids": true, "type": "domain", "uuid": "f60df4e7-0789-43a9-bc18-bada13caeafe", "value": "rapidfilevault4.cyou", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950355", "to_ids": true, "type": "domain", "uuid": "1d51eea5-44e5-412b-bcb4-24e9b8e509e1", "value": "rapidfilevault4.sbs", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950376", "to_ids": true, "type": "domain", "uuid": "dceb4f7e-c89e-4c17-8d11-83eb68e52c9f", "value": "rawmrk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950397", "to_ids": true, "type": "domain", "uuid": "0ce42263-c93b-48ec-bf2f-1410d51b7b88", "value": "reachnv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950418", "to_ids": true, "type": "domain", "uuid": "e69baf8c-6d6c-4c17-9d15-247cbdc02947", "value": "rebidy.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950439", "to_ids": true, "type": "domain", "uuid": "8d5b7cdd-fc45-43ff-8b12-f00fc3ef4482", "value": "rhymbil.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950460", "to_ids": true, "type": "domain", "uuid": "7aa039ad-039c-4b66-867b-f97890bebe37", "value": "swift-sh.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950481", "to_ids": true, "type": "domain", "uuid": "2d0fabe8-640d-41d8-b005-df9caba32fdd", "value": "tmcnex.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950503", "to_ids": true, "type": "domain", "uuid": "f2c0d42c-5c91-456b-a242-8b0499047310", "value": "trehlub.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950524", "to_ids": true, "type": "domain", "uuid": "87709165-ecdf-4cf5-9004-e2f637be852d", "value": "us41web.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950545", "to_ids": true, "type": "domain", "uuid": "285cbb33-2516-4c4d-9f03-02fd8d41b0c0", "value": "wewannaliveinpice.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950566", "to_ids": true, "type": "domain", "uuid": "f5e1af2b-91e7-4a1a-a0f1-655090642f5b", "value": "wewannaliveinpicede.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950588", "to_ids": true, "type": "domain", "uuid": "884690ed-7ce2-467a-98d4-bb77064da869", "value": "xeebii.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950609", "to_ids": true, "type": "domain", "uuid": "fdb2bb19-15a6-4006-ba83-b8444d18bd59", "value": "yablochnisok.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950630", "to_ids": true, "type": "hostname", "uuid": "97311d6e-800e-4027-8d6e-e122e1af90b1", "value": "kvrnjr30.apexharvestor.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950651", "to_ids": true, "type": "hostname", "uuid": "140987ee-492e-4493-b058-48f4e583de47", "value": "qjywvkbl.degassing-mould.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950674", "to_ids": true, "type": "hostname", "uuid": "3e2b1467-8880-4e91-987e-b7a34d559b64", "value": "yygp4pdh.apexharvestor.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950695", "to_ids": true, "type": "hostname", "uuid": "8148b2c6-bfdc-4f09-98c0-ee7b8f7337b5", "value": "zg5mkr7q.apexharvestor.digital", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950716", "to_ids": true, "type": "hostname", "uuid": "7122f432-78e3-44da-bf8f-bd506ebbc61f", "value": "mac-storage-guide.squarespace.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950737", "to_ids": true, "type": "hostname", "uuid": "fb7b56a0-08fb-4b2c-aa61-096acf4101ee", "value": "claudecodedoc.squarespace.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950759", "to_ids": true, "type": "hostname", "uuid": "00350e4a-93db-470b-a3da-86f469b6de10", "value": "macos-disk-space.medium.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950780", "to_ids": true, "type": "hostname", "uuid": "df2dd1d3-e68e-4aee-82ac-33ed0190eee1", "value": "macclean.craft.me", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950801", "to_ids": true, "type": "hostname", "uuid": "fe7a4c0c-d920-4f9c-80dd-c21bb5e016f6", "value": "apple-mac-fix-hidden.medium.com", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950822", "to_ids": true, "type": "domain", "uuid": "09c363ef-1ea8-4a0e-99d5-ef003ed9eb96", "value": "bulletproofdomai2n.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950843", "to_ids": true, "type": "domain", "uuid": "8cfe934f-d1dd-45e4-b75a-e0f251e6090d", "value": "pepepupuchek13.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950865", "to_ids": true, "type": "hostname", "uuid": "ebce9d0a-557b-498d-8bc1-4648bdc42530", "value": "datasphere.us.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950886", "to_ids": true, "type": "domain", "uuid": "20d8e1c1-2394-4287-a475-5e96cfe07b74", "value": "beransraol.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950907", "to_ids": true, "type": "domain", "uuid": "7cc8690a-a5f0-4625-8ab1-184ca729b12f", "value": "pissispissman.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950928", "to_ids": true, "type": "url", "uuid": "6981b464-38fb-4c30-a464-8574bf206b24", "value": "https://t.me/ax03bot", "Tag": [ { "colour": "#2c2142", "local": false, "name": "false-positive:risk=\"high\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950949", "to_ids": true, "type": "domain", "uuid": "b1099495-5180-4e63-8940-e8ab4171229e", "value": "ftduk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950970", "to_ids": true, "type": "domain", "uuid": "fb8f3938-d9a9-408c-a90f-1490b9f55062", "value": "jpbassin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778950992", "to_ids": true, "type": "domain", "uuid": "10965b98-78cb-4d25-ba13-1c77df978343", "value": "hacelu.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951013", "to_ids": true, "type": "url", "uuid": "c3644e23-bb61-42d7-a9a8-d71a744ea190", "value": "http://138.124.93.32/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951035", "to_ids": true, "type": "url", "uuid": "ef3a75b0-780c-4a04-9aa9-3daa6a99a39b", "value": "http://168.100.9.122/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951056", "to_ids": true, "type": "url", "uuid": "ccf95cc7-2a8b-4e80-9d38-ea96a44d6dc7", "value": "http://199.217.98.33/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951077", "to_ids": true, "type": "url", "uuid": "ca5d469a-fc6d-4d08-a36e-78664d0dddfd", "value": "http://38.244.158.103/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951098", "to_ids": true, "type": "url", "uuid": "0bfd6304-6fe5-40f9-a3a1-fd3a14025819", "value": "http://38.244.158.56/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778951120", "to_ids": true, "type": "url", "uuid": "b4e79917-35fe-4645-8893-2b7db3b66314", "value": "http://92.246.136.14/contact", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546829", "uuid": "4c5bcb55-df16-49d1-927c-1d5627a231b2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546828", "to_ids": true, "type": "md5", "uuid": "c90963c3-e1ce-4ba6-80f4-83b3ee573d4f", "value": "6bdc50f8fd33068331e16766fd5f3b63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546828", "to_ids": true, "type": "sha1", "uuid": "60529900-3581-48e2-b34d-4ec0c252cc6a", "value": "286d5ca9275a8516cd0573d0750896f46090345c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546829", "to_ids": true, "type": "sha256", "uuid": "a043bab9-683a-408d-be11-3acd5d21eb92", "value": "241a50befcf5c1aa6dab79664e2ba9cb373cc351cb9de9c3699fd2ecb2afab05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945344", "to_ids": true, "type": "ssdeep", "uuid": "b76f4584-0353-4f5f-abc2-1e43dd8be178", "value": "3072:hej8lqbF3WPReIZ3PwkJOjTiA2ibl32PR+Ih13Lk:wo4bF3WpZPwkJ6TMibl32pn3Lk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945344", "to_ids": false, "type": "size-in-bytes", "uuid": "9ca149f2-1b80-4368-abc4-40c32efbdafb", "value": "206104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945344", "to_ids": true, "type": "vhash", "uuid": "7f833387-92c4-406f-8713-c3d6734f8aca", "value": "2a581c7f46b2e4fe65c191a172dc2260" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945344", "to_ids": true, "type": "filename", "uuid": "9f85883f-45bc-40a8-8505-d943c9279f10", "value": "7wsawlcvm.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 11/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945344", "to_ids": false, "type": "text", "uuid": "b30bd0b5-2f7b-4407-8365-b810e2b38c15", "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/Infostealer.A\nVT Total Detection:31/63\nFirst Submission:2026-03-06T15:37:02.000000+00:00\nLast Submission:2026-03-06T15:37:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546831", "uuid": "d0bce24c-8173-4ca1-9646-523de94dc18a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546831", "to_ids": true, "type": "md5", "uuid": "e92c51db-66be-4705-a7c3-97407e8c1498", "value": "8bfa2df2110c38dff2359a416ce14693", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546831", "to_ids": true, "type": "sha1", "uuid": "8191ac28-936b-4cdb-aa96-153a97f340bb", "value": "5144bf4e32c5832c426ad3da55d45f026f66bc95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546831", "to_ids": true, "type": "sha256", "uuid": "77b2609d-6ead-4cd6-a0fe-90beaa4e33a5", "value": "522fdfaff44797b9180f36c654f77baf5cdeaab861bbf372ccfc1a5bd920d62e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945366", "to_ids": true, "type": "ssdeep", "uuid": "43bc7969-ab42-41ac-892e-16fdfff7e496", "value": "6144:Su/Y6SQweJjt08hs2bIGFPekgP8Y4s6SSQQeJjtQvchsWbIuj36k:Su/bbZY1b9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945366", "to_ids": false, "type": "size-in-bytes", "uuid": "1ccf87cd-8e3f-4565-ad40-bf5f2756f574", "value": "372168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945366", "to_ids": true, "type": "vhash", "uuid": "8ba39601-2391-450e-a60d-66a75c15c0e1", "value": "2a581c7f46b2e4fe65c191a172dc2260" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945366", "to_ids": true, "type": "filename", "uuid": "6fb0bdf7-09e1-451d-a9ce-0ccc9af1bc2f", "value": "kito" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 13/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945366", "to_ids": false, "type": "text", "uuid": "ecf084ec-1536-487a-b1de-02d290d5ed4b", "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/AmosStealer.DA!MTB\nVT Total Detection:31/63\nFirst Submission:2026-03-09T21:48:34.000000+00:00\nLast Submission:2026-03-09T21:48:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546834", "uuid": "d48b14fd-bce0-4fc3-a512-261f75b1632e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546833", "to_ids": true, "type": "md5", "uuid": "0a564b00-56e6-48ab-bf45-6834f46952de", "value": "8a43b2d626ad00289053ab73374bbc2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546834", "to_ids": true, "type": "sha1", "uuid": "a9977e38-a8fc-4421-9358-16bab3af74b6", "value": "12633ed0d82597140207602d76aefe1b81352d77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546834", "to_ids": true, "type": "sha256", "uuid": "32f6cf81-0be7-4a60-87fc-d5f3089c2649", "value": "7ca42f1f23dbdc9427c9f135815bb74708a7494ea78df1fbc0fc348ba2a161ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945388", "to_ids": true, "type": "ssdeep", "uuid": "dee8820d-18e5-47f3-90bb-fb3dde2dc4a1", "value": "6144:P1kugwMYJxcPGkpXCmMrpgQM4J1w3fkP:P1kV5YKCmM2Z4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945388", "to_ids": false, "type": "size-in-bytes", "uuid": "e9917609-7327-4f6b-8308-045c0a8f6478", "value": "205960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945388", "to_ids": true, "type": "vhash", "uuid": "5ac4bdb9-cd9e-4b0d-89f8-bb8bfed002e8", "value": "2a581c7f46b2e4fe65c191a172dc2260" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945388", "to_ids": true, "type": "filename", "uuid": "ae7e148b-604a-4faf-9ff9-6fcf861d820d", "value": ".mainhelper" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 11/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945388", "to_ids": false, "type": "text", "uuid": "363811e4-a7e4-4b3c-8476-7e6bdf4422c9", "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/Infostealer.A\nVT Total Detection:30/63\nFirst Submission:2026-03-13T07:07:24.000000+00:00\nLast Submission:2026-03-13T07:19:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546837", "uuid": "9b61db65-6752-4c33-be1e-c5f950f09349", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546836", "to_ids": true, "type": "md5", "uuid": "c6451fc3-3b70-4af0-9ad0-462f9c7ebb45", "value": "22d051c9cc458012b98e9bdca501759e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546836", "to_ids": true, "type": "sha1", "uuid": "1d792e81-a75a-4529-bc78-e79cef9fd98d", "value": "a2421f7fd4be6b12382150033507af7aa8bf6241", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546837", "to_ids": true, "type": "sha256", "uuid": "e82e0361-52ff-4986-9376-29771fdc3797", "value": "9d2da07aa6e7db3fbc36b36f0cfd74f78d5815f5ba55d0f0405cdd668bd13767", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945410", "to_ids": true, "type": "ssdeep", "uuid": "3b984e1d-1413-4fe9-9736-e00c500fa58d", "value": "1536:aKjUPR3VA1N/C4p3FKR3iPYpSkSQqbEebzKzOCQJfAEGTDWFGHp5XNKSt3CMi3uf:aK+3VADpPZkSXzgOClTDWgX439k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945410", "to_ids": false, "type": "size-in-bytes", "uuid": "64338e52-ef3c-4c5c-b4f6-fdac66602b2c", "value": "156824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945410", "to_ids": true, "type": "vhash", "uuid": "37260e8d-3dae-4fb4-a068-e17eb29d778e", "value": "2a581c7f46b2e4fe65c191a172dc2260" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945410", "to_ids": true, "type": "filename", "uuid": "1f3f396b-faad-4caf-8645-abb61192b536", "value": "123a" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945410", "to_ids": false, "type": "text", "uuid": "1092f188-b60e-46c3-9fb6-108b8a6bf925", "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/Infostealer.A\nVT Total Detection:30/63\nFirst Submission:2026-02-26T13:30:26.000000+00:00\nLast Submission:2026-02-27T04:35:06.000000+00:00" } ] } ] } }