{
  "Event": {
    "analysis": "1",
    "date": "2026-04-29",
    "extends_uuid": "",
    "info": "[Threat Intel] Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages",
    "protected": false,
    "publish_timestamp": "1779545922",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779545921",
    "uuid": "8e48f3e6-8270-4ad5-b955-772c87822843",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Shai-Hulud\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546824",
        "to_ids": false,
        "type": "link",
        "uuid": "571d8d34-383e-4ce8-a629-c9dcabed1e43",
        "value": "https://socket.dev/blog/sap-cap-npm-packages-supply-chain-attack",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546824",
        "to_ids": false,
        "type": "text",
        "uuid": "127ae8be-c1e1-43ed-a7f6-96e681cab27b",
        "value": "Multiple npm packages in the SAP JavaScript and cloud application development ecosystem were compromised in a suspected supply chain attack. Affected packages include mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2. The compromised versions introduced malicious preinstall scripts that download and execute Bun binaries from GitHub, then run heavily obfuscated payloads designed to harvest credentials from developer machines and CI/CD environments. The payloads steal SSH keys, cloud credentials, npm tokens, GitHub access, cryptocurrency wallets, and CI/CD secrets directly from runner memory. Stolen data is encrypted and exfiltrated via GitHub repositories created under victim accounts. The malware also attempts self-propagation by injecting itself into additional packages using stolen npm tokens and establishes persistence through VSCode and Claude IDE configurations."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546824",
        "to_ids": false,
        "type": "text",
        "uuid": "34339ef4-ef46-44b7-8dd8-16e3cf54dc03",
        "value": "Name: Supply Chain Attack Hits SAP CAP and Cloud MTA npm Packages\nAuthor: AlienVault\nAdversary: TeamPCP\nTags: [\"credential-theft\", \"supply-chain-attack\", \"ci-cd-compromise\", \"bun-binary\", \"sap-cap\", \"obfuscation\", \"github-abuse\", \"npm-packages\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: []\nIndustries: [\"Technology\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777546824",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "05a9fae5-af50-4cf4-8121-56cd895a51dc",
        "value": "TeamPCP"
      },
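      {
        "category": "Network activity",
        "comment": "Link-local instance metadata service address used by the major cloud platforms; presumably queried by the payload to collect cloud credentials. Legitimate workloads contact it constantly, so treat it as context alongside the file hashes rather than as a standalone detection.",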
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777767213",
        "to_ids": true,
        "type": "url",
        "uuid": "0b1f4dfb-0160-4108-b0d9-78d57c03c02b",
        "value": "http://169.254.169.254",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
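      {
        "category": "Network activity",
        "comment": "AWS ECS container credentials endpoint; presumably queried by the payload to collect task credentials. Legitimate containers contact it routinely, so treat it as context alongside the file hashes rather than as a standalone detection.",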
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777767234",
        "to_ids": true,
        "type": "url",
        "uuid": "6f322ca9-8c72-4801-8bb2-2644b0bcbb9a",
        "value": "http://169.254.170.2",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
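      {
        "category": "Network activity",
        "comment": "On port 40342, the local metadata endpoint of the Azure Arc agent. The loopback address alone matches any local traffic, so match on the port and treat it as context alongside the file hashes rather than as a standalone detection.",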
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777767255",
        "to_ids": true,
        "type": "url",
        "uuid": "961004d4-affb-4d9e-977f-5d0e7c5d11ba",
        "value": "http://127.0.0.1",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
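      {
        "category": "Network activity",
        "comment": "Google Cloud metadata server hostname; presumably queried by the payload to collect cloud credentials. Legitimate workloads resolve and contact it routinely, so treat it as context alongside the file hashes rather than as a standalone detection.",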
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777767276",
        "to_ids": true,
        "type": "url",
        "uuid": "08393971-9d8f-4b8c-a9da-94de66002f70",
        "value": "http://metadata.google.internal",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777767297",
        "to_ids": true,
        "type": "url",
        "uuid": "09000d87-8897-418b-a2f7-05ce52f8560c",
        "value": "https://api.github.com/search/commits?q=OhNoWhatsGoingOnWithGitHub&sort=author-date&order=desc&per_page=50",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545913",
        "uuid": "f087559e-f2fe-4ace-a721-570d0d9a8916",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545913",
            "to_ids": true,
            "type": "md5",
            "uuid": "933d284e-739b-448e-9354-edc8ac0a9b06",
            "value": "35baf8316645372eea40b91d48acb067",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545913",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d5ac627b-def9-49b1-8332-6c87aee18ecf",
            "value": "307d0fa7407d40e67d14e9d5a4c61ac5b4f20431",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545913",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db47dd3c-1f07-4fb6-8894-a545ad2e0bd8",
            "value": "4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765573",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5a90d4c-ffd2-41d3-82fe-d72236efccb7",
            "value": "96:/X/qVk2WMQuvineUEUcqARaTuEr1x7TtURs5T0SZIO5j/ByUFLPf3:nlWvUEUru+r1x7TtURsJ9T7L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765573",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d80c41e-b56f-4c79-a4aa-b8d6f275af60",
            "value": "4549"
          },
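          {
            "category": "Payload delivery",
            "comment": "Generic filename that also occurs in unrelated projects; match it only together with the hashes in this object.",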
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765573",
            "to_ids": true,
            "type": "filename",
            "uuid": "d00a320a-9fbb-47b4-aae9-ea593888e8d4",
            "value": "setup.mjs"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-03\nLast-scan: 2026-05-01",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765573",
            "to_ids": false,
            "type": "text",
            "uuid": "c6e69ba7-b328-4593-b4e9-25856466d748",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/ShaiWorm.DS!MTB\nVT Total Detection:8/62\nFirst Submission:2026-04-29T17:59:22.000000+00:00\nLast Submission:2026-04-29T17:59:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545916",
        "uuid": "5922830b-0fe5-4afb-bda6-0532b913d95c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545915",
            "to_ids": true,
            "type": "md5",
            "uuid": "bfc3c4de-a941-44a8-94ed-a8cb6c5973c9",
            "value": "6fb87d243b011b5445f379f80e1a6b4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545916",
            "to_ids": true,
            "type": "sha1",
            "uuid": "23c5db7f-3644-49aa-b702-9b076fc4cbee",
            "value": "bc95cc5dda788295aa0c9456791520599ef99526",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545916",
            "to_ids": true,
            "type": "sha256",
            "uuid": "66377bcf-5d50-498a-ba39-5d16a406e154",
            "value": "6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765594",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9f15457b-eb13-4ff2-aa6a-5bb1814169da",
            "value": "49152:tPuoNTbvI3eIJoZLZbvoDd2WQaqPvGgUILqx/mQHxcj1D4ZKLqWIP71VrZcezi8K:YPoH3ec"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765594",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "81cd466c-abef-4c5a-af04-146ad9b45d02",
            "value": "11729871"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765594",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1721cd77-1c89-4b4e-9588-93c47b1be4cb",
            "value": "a89c16d574a0ed404bb69484c9742a42"
          },
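          {
            "category": "Payload delivery",
            "comment": "Generic filename that also occurs in unrelated projects; match it only together with the hashes in this object.",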
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765594",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f86fe09-d8bf-4d45-b9b5-dbb74e38536f",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-03\nLast-scan: 2026-05-03",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765594",
            "to_ids": false,
            "type": "text",
            "uuid": "5b00301c-f186-4102-a1e2-afdbcae2ebb9",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/SPchnStlr.BB\nVT Total Detection:17/62\nFirst Submission:2026-04-29T17:59:05.000000+00:00\nLast Submission:2026-04-29T18:05:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545918",
        "uuid": "ec85b033-b1f1-49f4-bd31-e2a88132173f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545918",
            "to_ids": true,
            "type": "md5",
            "uuid": "185fd494-7117-4aeb-ace3-0209a9a3ee64",
            "value": "45dc9c02f82b4370ca92785282d43a86",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545918",
            "to_ids": true,
            "type": "sha1",
            "uuid": "015e8420-464c-4264-9d34-6bc51c4d1e85",
            "value": "6bc859aaee1f8885eec2a3016226e877e5adba08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545918",
            "to_ids": true,
            "type": "sha256",
            "uuid": "052225b2-7512-494d-9e98-06b6eed21723",
            "value": "80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765616",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3555f2f9-f188-4f46-867e-e9191ae7e415",
            "value": "49152:rqGWE3AknAgZf2q9PpoGcr3r9BKwmZ6CdJbrAaLcYUr3yx7LfDhLynLcqL8Cw1/a:VOPIxoIQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765616",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c143fe8-e868-41ff-9c7e-56507ff54412",
            "value": "11678349"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765616",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a8c6378a-450b-4417-a608-0d58a7c933de",
            "value": "bd6867564df924de1feb5b91bdc5a6e9"
          },
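          {
            "category": "Payload delivery",
            "comment": "Generic filename that also occurs in unrelated projects; match it only together with the hashes in this object.",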
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765616",
            "to_ids": true,
            "type": "filename",
            "uuid": "a6415b75-2469-4be5-8aad-85c561e54a3d",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-03\nLast-scan: 2026-05-03",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765616",
            "to_ids": false,
            "type": "text",
            "uuid": "e221b914-8576-4dce-ab96-cfec43d80619",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/ShaiWorm.DQ!MTB\nVT Total Detection:21/60\nFirst Submission:2026-04-29T11:57:55.000000+00:00\nLast Submission:2026-04-29T12:39:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779545921",
        "uuid": "187c03c3-71ee-4a21-ad3b-e70838ebdd0d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779545920",
            "to_ids": true,
            "type": "md5",
            "uuid": "7545985e-98eb-4955-bf45-1efdfe059fe2",
            "value": "b523a69b27064d1715d1f0aaffcfae63",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779545921",
            "to_ids": true,
            "type": "sha1",
            "uuid": "41a076fa-2317-4708-a030-1d19008f5ca0",
            "value": "ca4a5bb85778ffcd2153ace88fe2d882c8ceeb23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779545921",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6e9cc462-7eb2-455d-92e2-157f862c2886",
            "value": "eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1777765638",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3e902775-b37a-448b-bc80-9eb3f135cbd4",
            "value": "49152:AZjYI+b4OtI2nAB66W2Bo/MM/+qtzRqaizbUJZPznLhyUm0GlNIwNM27xDka1Fm7:li8tV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1777765638",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4dedf635-c4d4-4466-a3cd-b4aab9e85490",
            "value": "11723748"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1777765638",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9655f21-7225-4616-b1e8-969eaa42d861",
            "value": "a89c16d574a0ed404bb69484c9742a42"
          },
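          {
            "category": "Payload delivery",
            "comment": "Generic filename that also occurs in unrelated projects; match it only together with the hashes in this object.",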
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1777765638",
            "to_ids": true,
            "type": "filename",
            "uuid": "68b6547d-cf24-4968-9f52-2ca16c3ef3c4",
            "value": "execution.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-05-03\nLast-scan: 2026-05-03",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1777765638",
            "to_ids": false,
            "type": "text",
            "uuid": "b3d27c05-198a-4aec-8981-3e47709bb3d3",
            "value": "Type Description: JavaScript\nMicrosoft: Trojan:JS/SPchnStlr.BB\nVT Total Detection:19/60\nFirst Submission:2026-04-29T18:06:30.000000+00:00\nLast Submission:2026-04-29T18:06:30.000000+00:00"
          }
        ]
      }
    ]
  }
}