{ "Event": { "analysis": "1", "date": "2026-05-07", "extends_uuid": "", "info": "[Threat Intel] Fake call logs, real payments: How CallPhantom tricks Android users", "protected": false, "publish_timestamp": "1779546793", "published": true, "threat_level_id": "3", "timestamp": "1779546793", "uuid": "ba57e423-eb23-4cc7-88af-cde6f2ad2e53", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:region=\"142 - Asia\"", "relationship_type": "" }, { "colour": "#5f0077", "local": false, "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Generate Traffic from Victim - T1643\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778238021", "to_ids": false, "type": "link", "uuid": "6bf11e22-c19c-4931-acf9-aac358c9c3ef", "value": "https://www.welivesecurity.com/en/eset-research/fake-call-logs-real-payments-how-callphantom-tricks-android-users/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1778238021", "to_ids": false, "type": "text", "uuid": "8c1efa61-2be7-4bcf-8436-b5d88e3876f4", "value": "ESET researchers discovered 28 fraudulent Android applications on Google Play, collectively named CallPhantom, that falsely claimed to provide call histories, SMS records, and WhatsApp logs for any phone number. These apps were downloaded over 7.3 million times before removal, primarily targeting users in India and the Asia-Pacific region. The apps generate fabricated data using hardcoded names and random phone numbers, displaying this fake information only after payment. CallPhantom employs three payment methods, with some bypassing Google Play's official billing system through third-party UPI payments or direct card entry, making refunds difficult. The scam exploits user curiosity about private information, charging between \u20ac5 and $80 for worthless subscriptions that deliver entirely fabricated communication data." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1778238021", "to_ids": false, "type": "text", "uuid": "db29e842-4c01-4a9e-a2f8-fbad0079068a", "value": "Name: Fake call logs, real payments: How CallPhantom tricks Android users\nAuthor: AlienVault\nAdversary: \nTags: [\"fraudulent apps\", \"upi payment\", \"fake call history\", \"india targeting\", \"callphantom\", \"android fraud\", \"google play\", \"subscription scam\"]\nTgtd countries: [\"British Indian Ocean Territory\", \"India\"]\nMlwr families: [\"CallPhantom\"]\nAttack_ids: []\nIndustries: []" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546760", "to_ids": true, "type": "sha1", "uuid": "57eb1529-65bb-496a-8b3d-3b5e0d554df7", "value": "04d2221967ffc4312afdc9b06a0b923bf3579e93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546762", "to_ids": true, "type": "sha1", "uuid": "7aee0827-7166-4fee-a03c-ca5dd46a6fa8", "value": "053a6a723fa2bfda8a1b113e8a98dd04c6eef72a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546764", "to_ids": true, "type": "sha1", "uuid": "ff88f2f5-bda9-4f58-890e-c6770b9ccb0e", "value": "28d3f36bd43d48f02c5058edd1509e4488112154", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546766", "to_ids": true, "type": "sha1", "uuid": "4e5b3643-69ae-447a-b630-a0e665239b93", "value": "34393950a950f5651f3f7811b815b5a21f84a84b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546768", "to_ids": true, "type": "sha1", "uuid": "42d65b66-93ce-4d4e-ad79-e27527cbf31d", "value": "45d04e06d8b329a01e680539d798dd3ae68904da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546770", "to_ids": true, "type": "sha1", "uuid": "75598244-1060-43cd-af11-007ed5012377", "value": "47cee9ded41b953a84fc9f6ed556ec3af5bd9345", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546772", "to_ids": true, "type": "sha1", "uuid": "cfe30b80-56ee-4398-b128-757d116c95ae", "value": "55d46813047e98879901fd2416a23acf8d8828f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546774", "to_ids": true, "type": "sha1", "uuid": "be15a384-ba68-445a-a6fe-60a6c213a480", "value": "56a4fd71d1e4bba2c5c240be0d794dcff709d9eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546776", "to_ids": true, "type": "sha1", "uuid": "bf29712e-0c22-4600-8f0c-c9951eb590b0", "value": "77c8b7bec79e7d9ae0d0c02dec4e9ac510429ad8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546778", "to_ids": true, "type": "sha1", "uuid": "b3d028f9-bfb7-4edd-aa64-0e18e5902527", "value": "799bb5127ca54239d3d4a14367db3b712012cf14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546780", "to_ids": true, "type": "sha1", "uuid": "3b84827e-ef69-4dd7-907e-c248389a4cc3", "value": "89ecec01ccb15fcdd2f64e07d0e876a9e79dd3ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546782", "to_ids": true, "type": "sha1", "uuid": "572ca192-a015-4919-999c-db4959a3198c", "value": "8ec557302145b40fe0898105752fff5e357d7ac9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546784", "to_ids": true, "type": "sha1", "uuid": "757ec724-b2a5-41dd-90bd-1199d4aa8f61", "value": "9199a376b433f888afe962c9bbd991622e8d39f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546786", "to_ids": true, "type": "sha1", "uuid": "fe7070b5-212a-4a53-bc06-39775eff2aad", "value": "b7b80fa34a41e3259e377c0d843643ff736803b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546787", "to_ids": true, "type": "sha1", "uuid": "3ce599e8-f51d-483c-bea7-d375c23393ec", "value": "c840a85b5fbaf1ed3e0f18a10a6520b337a94d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546789", "to_ids": true, "type": "sha1", "uuid": "81478fc7-13b2-4834-bcb0-c68cf127d742", "value": "ce97ca7feecdcafc6b8e9bd83a370dfa5c336c0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546791", "to_ids": true, "type": "sha1", "uuid": "f82d3986-c6a0-48f9-a181-92cae7ce4876", "value": "e23d3905443cdbf4f1b9ca84a6ff250b6d89e093", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:16/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779546793", "to_ids": true, "type": "sha1", "uuid": "0056bdef-bf6a-442b-b3f2-7314ed51eed5", "value": "f0a8ebd7c4179636be752eccfc6bd9e4cd5c7f2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778946955", "to_ids": true, "type": "ip-dst", "uuid": "b96b7a89-1cb8-4aaa-849c-02b8b32e36f6", "value": "34.120.160.131", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778946976", "to_ids": true, "type": "hostname", "uuid": "ee75a431-775a-4266-8743-58be36c62af0", "value": "call-history-7cda4-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778946998", "to_ids": true, "type": "hostname", "uuid": "3d697828-2b4f-4389-93d4-7cd458cab2e0", "value": "call-history-ecc1e-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947019", "to_ids": true, "type": "ip-dst", "uuid": "8f438def-5bb0-4ca4-84a0-20c65c830cab", "value": "34.120.206.254", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947040", "to_ids": true, "type": "hostname", "uuid": "6f285eb5-4bdc-4ef9-9fb3-a40653778421", "value": "ch-ap-4-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1778947061", "to_ids": true, "type": "hostname", "uuid": "23c2e4be-d5f5-4190-8b6f-f381c41b2ca6", "value": "chh1-ac0a3-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546735", "uuid": "d44822d1-0aa5-45d0-b0dc-74134cc40002", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546734", "to_ids": true, "type": "md5", "uuid": "444480f6-972c-471d-a0ca-065c3a4727f6", "value": "566d793455f35f85eb56af4dc89bd367", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546734", "to_ids": true, "type": "sha1", "uuid": "78206ac5-0f74-4701-ad04-2490cc11aa43", "value": "4b537a7152179bba19d63c9ef287f1ac366ab5cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546735", "to_ids": true, "type": "sha256", "uuid": "fbd90d67-e0cb-4da8-84f5-b941f2fcc3c2", "value": "92e857fb3abad1b193dfeb61141b46f017aae585483aef09aff01e085e2bfb4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944627", "to_ids": true, "type": "ssdeep", "uuid": "f2db1984-b674-47ca-9c62-dca458962f12", "value": "196608:3McEWql4qyGmE6C+UkrsEaZuSqLDXSJQ/GwgbnZyIiAIbhLEFVtaX0MN7DkNG0Cq:8cir/mZnaZ2WJQ/W7ZyIiAIbMNmxM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944627", "to_ids": false, "type": "size-in-bytes", "uuid": "df066baf-ffb4-4ae4-9330-d60dfd5105bc", "value": "27406194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944627", "to_ids": true, "type": "vhash", "uuid": "41387eaf-cb3d-4c99-95a4-8d09a59048e1", "value": "bd9b0f2268c00329d7caa9af3dc58702" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 12/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944627", "to_ids": false, "type": "text", "uuid": "36f227ea-aa56-49ce-a1b8-7bd03f8a61a7", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:4/65\nFirst Submission:2025-12-04T12:20:19.000000+00:00\nLast Submission:2025-12-04T12:20:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546737", "uuid": "76c80945-20d4-428d-9335-ee1772084761", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546737", "to_ids": true, "type": "md5", "uuid": "263d17f2-f8ad-4a65-ba8c-837c633adf7c", "value": "56afd274c43fda3d9604303c4e4f499a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546737", "to_ids": true, "type": "sha1", "uuid": "37548ad7-c3a9-4f6f-b9d3-5e5918d84b84", "value": "583d0e7113795c7d68686d37ce7a41535cf56960", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546737", "to_ids": true, "type": "sha256", "uuid": "34fa6828-bf7d-4e4d-adc1-307735688e4b", "value": "8aa945db3e63ae8fbfae761d0490d4804799f89d285c8d92625bd2a4e14ff5d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944691", "to_ids": true, "type": "ssdeep", "uuid": "46f4f811-a6de-474d-a794-3b9a8a006838", "value": "196608:d9W8KHsZv+/Rd8iI3MRUCM22ndAXRZBZz+c3RZyIiAIbEdYGSDGHlp:TWNSYRd8iI3WHMlnCfRZyIiAIbS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944691", "to_ids": false, "type": "size-in-bytes", "uuid": "0a6852bd-c059-4397-9c37-038b7ad7cf35", "value": "27766227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944691", "to_ids": true, "type": "vhash", "uuid": "93bb58e5-e565-41ba-9d32-f22b41d627d8", "value": "a9780c64692381eaec76b900e2a5873a" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944691", "to_ids": false, "type": "text", "uuid": "478a912b-0bcd-4f6e-a600-e46beaa3f17e", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:3/66\nFirst Submission:2025-10-03T08:38:30.000000+00:00\nLast Submission:2025-10-03T08:38:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546740", "uuid": "2e463b72-0700-4e7d-99a6-94b7cf35080a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546739", "to_ids": true, "type": "md5", "uuid": "d3608ea8-1cd5-4451-975b-e92cfbe253b1", "value": "0d13503d99622b15d54dd1d1efd3afd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546740", "to_ids": true, "type": "sha1", "uuid": "2730d9a2-e2d0-42cf-a339-8819993afe59", "value": "6f72ff58a67ef7aaa79ce2342012326c7b46429d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546740", "to_ids": true, "type": "sha256", "uuid": "d69d3755-44cf-4a6b-ad28-f29a30b33684", "value": "eb59536769bc8e429a1138812f4a00bd0f03f7196ef9a2c4db85a385777a1bca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944714", "to_ids": true, "type": "ssdeep", "uuid": "7795bdd9-02b9-4c6a-9c5b-0a2652cd422f", "value": "786432:nxjyU1HZu5X7DncyfQX8wVVedxyVvVhAbwjsNj8asI:OnctVedxyVv+BytI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944714", "to_ids": false, "type": "size-in-bytes", "uuid": "5cd8e5c3-0391-46e3-b330-00d6b153fad4", "value": "37920826" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944714", "to_ids": true, "type": "vhash", "uuid": "e2bc637f-7649-457c-bbc3-e1aeb5c47dcd", "value": "708c9f55b5feeb8db1eb216269c35efc" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944714", "to_ids": false, "type": "text", "uuid": "39979425-4ee4-4e59-9c32-5bc8cecd7bc6", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:3/67\nFirst Submission:2025-11-04T14:16:33.000000+00:00\nLast Submission:2025-11-04T14:16:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546743", "uuid": "f9bfdf0a-559e-4ab1-b380-2ffd4de50fde", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546742", "to_ids": true, "type": "md5", "uuid": "7f9d4cfc-5c0c-4176-8a3c-00bac5d4177c", "value": "7f0e32a7e3633ec69d8e11224b2440b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546742", "to_ids": true, "type": "sha1", "uuid": "32c199e5-7121-4f3b-a293-a0d4cdfba4b9", "value": "87f6b2db155192692bad1f26f6aebb04dbf23aad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546743", "to_ids": true, "type": "sha256", "uuid": "535685da-0a8e-40a4-9bd3-b729ccc7d0d7", "value": "fd6cae8556aaf14a95e700e9626e61e4a032c1c00414f336865dc95b7aecd3f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944778", "to_ids": true, "type": "ssdeep", "uuid": "d723e427-4088-4730-ba19-b5028b2081db", "value": "196608:6yABAZuOdQVBYqsCVX/6ahgif0LzWfAItv:6fu9Lk1hf2fG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944778", "to_ids": false, "type": "size-in-bytes", "uuid": "b20f4071-885c-4b2c-82f5-a24ef40db0c1", "value": "13385173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944778", "to_ids": true, "type": "vhash", "uuid": "8a574930-62f3-43ae-a659-727363a3239b", "value": "6603c690ea55601a220de6c2a084ed45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778944778", "to_ids": true, "type": "filename", "uuid": "0fa0c42e-a73f-404c-a190-306009c0114c", "value": "fd6cae8556aaf14a95e700e9626e61e4a032c1c00414f336865dc95b7aecd3f2.apk" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944778", "to_ids": false, "type": "text", "uuid": "cd411d42-3ddc-4190-a969-fa9e67a7fdbc", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:4/66\nFirst Submission:2025-09-11T22:25:17.000000+00:00\nLast Submission:2025-09-11T22:25:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546745", "uuid": "b20981d0-fa7c-4a48-8c49-edd7a35f9174", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546745", "to_ids": true, "type": "md5", "uuid": "a178de4c-1a6a-49ec-844b-c3383de12e18", "value": "80ffabb1c3061737da09849e96b2a024", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546745", "to_ids": true, "type": "sha1", "uuid": "cdd86417-b61d-4d94-b114-902ecd073433", "value": "9484efd4c19969f57afb0c21e6e1a4249c209305", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546745", "to_ids": true, "type": "sha256", "uuid": "0a9dca3f-829c-4a99-8861-73699f293655", "value": "0900cc145471e3a723ed9dfb6fdc04448e08ab2d3a67eeaeb959def9e6a55fd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944863", "to_ids": true, "type": "ssdeep", "uuid": "476ee571-9743-4e00-b3cd-8f0489c08cea", "value": "196608:lk3AHlNkJmUEFVtaX0MN7pLTXOPrYqMDsW2DIEyKV9mRK0SA5SW766H4lzVeXXkx:lkg8TrKuC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944863", "to_ids": false, "type": "size-in-bytes", "uuid": "c2032ae5-858d-4fc8-9714-c202ce0a4df1", "value": "10021692" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944863", "to_ids": true, "type": "vhash", "uuid": "707917ce-8c14-4fa9-bbf7-191bcb2420b5", "value": "76e1cd2fd5f2705375404b23a7ad4b6f" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944863", "to_ids": false, "type": "text", "uuid": "a06b8b2f-fd80-47fe-a8d0-e5f82814bca8", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/65\nFirst Submission:2025-11-08T13:56:57.000000+00:00\nLast Submission:2025-11-08T13:56:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546748", "uuid": "16973a25-778b-451d-9cdb-feb229acb24d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546747", "to_ids": true, "type": "md5", "uuid": "d7ee8fa2-51a1-440f-aef3-39f1ef47387c", "value": "64905bd266df2565166691821ef36193", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546748", "to_ids": true, "type": "sha1", "uuid": "c2a09ed3-cc15-457a-be8d-4d29efdaec58", "value": "bb6260ca856c37885bf9e952ca3d7e95398ddabf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546748", "to_ids": true, "type": "sha256", "uuid": "f6acdfc5-da51-44d9-ac44-9b2ad68f9d56", "value": "5a4e3c5130d1c3511f35e476055f267c775265326b9ae42562cc4d959508effc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944906", "to_ids": true, "type": "ssdeep", "uuid": "d99f6336-4ce3-4adf-980e-c61631d576ea", "value": "196608:APCqDg3nHz9wyeCyDsqexI4lXEOjPp9nWRD:APLgXHzqbCMsblbQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944906", "to_ids": false, "type": "size-in-bytes", "uuid": "9edcc9f9-b128-47bb-877c-936d2e415fd2", "value": "12129710" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944906", "to_ids": true, "type": "vhash", "uuid": "be70ee9d-5348-4d65-aeaa-0a857955d0d9", "value": "7a3a4b6229aab1b662c1bcc941f29acc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778944906", "to_ids": true, "type": "filename", "uuid": "6c9e5607-2d9f-4af2-93b1-371ece2e641e", "value": "eix51d.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944906", "to_ids": false, "type": "text", "uuid": "efa0c6cb-c756-4433-9db2-46c53ae25c6f", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/66\nFirst Submission:2025-10-20T07:50:58.000000+00:00\nLast Submission:2025-10-20T07:50:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546751", "uuid": "aca9de17-9f27-4ade-bd49-68e4d26acf01", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546750", "to_ids": true, "type": "md5", "uuid": "2ade942a-1d54-4bdd-a7b1-6bed3bc4f326", "value": "1255157902ea259e6e0f8e0f546a25a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546750", "to_ids": true, "type": "sha1", "uuid": "c582c546-dd0a-4b68-b17c-eb14e40b9647", "value": "cb31ed027fadbfa3bffdbc8a84ee1a48a0b7c11d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546751", "to_ids": true, "type": "sha256", "uuid": "23861288-ccae-436f-aeba-a638f8f3cad3", "value": "b08172118a9909a63c4714ff6b08cd659e68129c1b3ade8b250b76800c75b138", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944949", "to_ids": true, "type": "ssdeep", "uuid": "f555da0c-be2f-4284-93ae-f276cdcce325", "value": "98304:QqeNBmKGQRgvEwudXOPrYqMDsW2uwi4CxMZBeyDq86wHFhvUK0SA5SW766H4waQ9:eDwudXOPrYqMDsW2uVIPPDq8jF150SA7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944949", "to_ids": false, "type": "size-in-bytes", "uuid": "4cd0d7fd-ac96-42ae-b5d7-5f2d8a2644e6", "value": "5556518" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944949", "to_ids": true, "type": "vhash", "uuid": "52859600-d77e-45c2-b80c-320aad629ff3", "value": "8988045b2dbaaa6e7e57cbf368788434" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778944949", "to_ids": true, "type": "filename", "uuid": "7210af81-8f6e-4e54-9a93-d04406eaa784", "value": "jpsdd795.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 15/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944949", "to_ids": false, "type": "text", "uuid": "ef671b17-e3d7-4c43-8ee1-05909ed2bd4d", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:8/66\nFirst Submission:2026-05-08T20:51:31.000000+00:00\nLast Submission:2026-05-08T20:51:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546753", "uuid": "236a6b50-b574-4ad4-8c6d-2ec5b7d755db", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546753", "to_ids": true, "type": "md5", "uuid": "c6773328-45e2-4cb4-b1a7-1a04b4e8e3e3", "value": "c0a244662ad5c7419f7e937e606d78ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546753", "to_ids": true, "type": "sha1", "uuid": "072b5666-ed6d-4769-a399-7b2a6b55569e", "value": "d021e7a0cf45eecc7ee8f57149138725dc77dc9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546753", "to_ids": true, "type": "sha256", "uuid": "a138d10e-a463-43a1-b287-4f6892a30a74", "value": "f6985f72cf17e68bda67f7ce3f8d1ff3f940cb872d78514d28d78549aa84664e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778944992", "to_ids": true, "type": "ssdeep", "uuid": "3b02ef88-1fcd-448d-91f2-921aa6dd47da", "value": "196608:2LoXOPrYqMDsW2QjsXvdsT5Yv9jOcf7GD0SA5SW766HOlzVeXXkHbYsYB4AZbje6:2UMX3v9jDl5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778944992", "to_ids": false, "type": "size-in-bytes", "uuid": "25c2c349-5c5f-40e6-b7b6-e1f87159b889", "value": "7982188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778944992", "to_ids": true, "type": "vhash", "uuid": "849f0547-73c0-4076-847b-5290e5c04147", "value": "05ea7d4dca637f8dbe08878c5d3e439c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778944992", "to_ids": true, "type": "filename", "uuid": "367ce612-3e68-4c8d-b069-d971b9fd5438", "value": "69u1ks.exe" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778944992", "to_ids": false, "type": "text", "uuid": "5c6fe6bd-12a3-42ee-8f46-a168b55e9bb1", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/66\nFirst Submission:2025-10-26T08:31:42.000000+00:00\nLast Submission:2025-10-26T08:31:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546756", "uuid": "4d0f0261-2ec9-449c-9729-98b57236f73f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546755", "to_ids": true, "type": "md5", "uuid": "d6e52c93-8acf-4f81-85c3-14d2f43d3ccd", "value": "2604b1eff1da349de603978585e7563e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546756", "to_ids": true, "type": "sha1", "uuid": "b0161a74-19ba-40fa-accd-deb0b8a638df", "value": "ec5e470753e76614cd28ecf6a3591f08770b7215", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546756", "to_ids": true, "type": "sha256", "uuid": "f2cff027-7c37-4b3f-b7b0-5c306ebbc0c2", "value": "e6b2455737d046bf531d914d312da19fd5adbdefd41ba8357257a2575a1b4a91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945035", "to_ids": true, "type": "ssdeep", "uuid": "f836b515-39ea-46d9-80f6-d8a8167d01db", "value": "98304:cMTk9+ipbC5T9N04UgkmnsQCigjXPvFyHwlBm2N1HMyl+m/CZlz67RFMSjO1qUhU:CPCqDg3nm9Flm2N1Sm/CW1FwqQQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945035", "to_ids": false, "type": "size-in-bytes", "uuid": "171190c9-d0eb-4f57-82e0-a4a43b6563bc", "value": "16853885" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945035", "to_ids": true, "type": "vhash", "uuid": "0e770871-f1d9-4108-89ca-f0f464b499a5", "value": "aadabb535daad693abf5de51a05b594d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945035", "to_ids": true, "type": "filename", "uuid": "8a7b956a-1b39-4783-b800-cf4cf079e770", "value": "ec5e470753e76614cd28ecf6a3591f08770b7215.apk" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 12/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945035", "to_ids": false, "type": "text", "uuid": "9b09dfcd-4f3d-4d2c-8d8c-c58bf97497e3", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:4/65\nFirst Submission:2026-05-09T01:56:56.000000+00:00\nLast Submission:2026-05-09T01:56:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779546759", "uuid": "1b4bbf89-3a40-4738-b633-0547e7aad717", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779546758", "to_ids": true, "type": "md5", "uuid": "241f1eab-091c-468c-b298-daa48df58d1a", "value": "5c9a9db9c272444a96b52f8cd11ecb83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779546758", "to_ids": true, "type": "sha1", "uuid": "db4f43af-e7e1-494b-b7f3-f846b367b9b4", "value": "fc3ba2edac0bb9801f8535e36f0bcc49ada5fa5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779546759", "to_ids": true, "type": "sha256", "uuid": "2e6f64ec-6d97-4dba-9d64-abb1d79a3e25", "value": "0215fd18f0db2cd8cb52ff16ace70ef38b7f0ca54c7ad5979562e9787463e6dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1778945078", "to_ids": true, "type": "ssdeep", "uuid": "f066a36c-f46f-432e-8913-063b9d633fdb", "value": "98304:rbJ8mBOFemA5qoXZegsBZBk3GUYW/q6nrpK2QvOryUuAS0e5IU7Ucn7MEsrplzVH:rbmmB9mOh8z9k3xl/q6nrpK2QvUS0e5u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1778945078", "to_ids": false, "type": "size-in-bytes", "uuid": "896940f1-d6f5-467f-b7e1-ceb34a098c4b", "value": "5250631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1778945078", "to_ids": true, "type": "vhash", "uuid": "91bf5690-2eb9-4d6d-8af5-90871fb61847", "value": "524cd505f34c24ed8e4eef6b22867756" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1778945078", "to_ids": true, "type": "filename", "uuid": "f44a15da-90ac-420e-b300-5707904665ff", "value": "call-details-of-anya-number-v1-3.apk" }, { "category": "Other", "comment": "Checked: 16/05/2026\nLast-scan\t: 16/05/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1778945078", "to_ids": false, "type": "text", "uuid": "175876cd-1c8d-48a1-8fcb-776eec5ea63b", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:6/66\nFirst Submission:2025-11-03T05:03:26.000000+00:00\nLast Submission:2025-11-03T05:03:26.000000+00:00" } ] } ] } }