{ "Event": { "analysis": "1", "date": "2026-04-23", "extends_uuid": "", "info": "[Threat Intel] Foxit Impersonation: Fake PDF Installer Deploys VNC", "protected": false, "publish_timestamp": "1779545434", "published": true, "threat_level_id": "3", "timestamp": "1779545434", "uuid": "c7c3cda0-42e8-4ba1-bdbe-df7ac69310b1", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#6af4de", "local": false, "name": "misp-galaxy:producer=\"G DATA\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#343cd4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"VNC - T1021.005\"", "relationship_type": "" }, { "colour": "#7da4ad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"", "relationship_type": "" }, { "colour": "#e76389", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Hide Artifacts - T1564\"", "relationship_type": "" }, { "colour": "#47d9d3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#b672a4", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"", "relationship_type": "" }, { "colour": "#7eb739", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Msiexec - T1218.007\"", "relationship_type": "" }, { "colour": "#75ec20", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"", "relationship_type": "" }, { "colour": "#c8f8ef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"", "relationship_type": "" }, { "colour": "#682cad", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"", "relationship_type": "" }, { "colour": "#bf01b7", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#8196ba", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#02475d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"", "relationship_type": "" }, { "colour": "#2cfe4e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\"", "relationship_type": "" }, { "colour": "#3c0f50", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#5ed128", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#e4d611", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#49a260", "local": true, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": true, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": true, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": true, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776999611", "to_ids": false, "type": "link", "uuid": "9c8655eb-2b07-4059-bc65-e1c2f8f58256", "value": "https://blog.gdatasoftware.com/2026/04/38409-fake-foxit-vnc" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1776999611", "to_ids": false, "type": "text", "uuid": "cd095d89-94e3-4f67-9ba0-32b689d1bc08", "value": "Attackers are leveraging the trusted reputation of Foxit PDF Reader, used by over 650 million people, to distribute malicious installers disguised as legitimate software. Rather than exploiting vulnerabilities, threat actors impersonate the vendor through fake installers with document-themed filenames that bypass user suspicion. When executed, these files display decoy passport images while downloading malicious MSI packages that deploy UltraVNC remote access tools disguised as GPU drivers. The attack establishes persistence through registry modifications and firewall exceptions, connecting to attacker-controlled infrastructure for complete remote system control. Telemetry indicates broad distribution across Germany, the United States, the United Kingdom, and Ukraine. This campaign demonstrates how brand impersonation combined with social engineering proves more effective than technical exploits, relying on user trust and behavioral patterns rather than software vulnerabilities." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1776999611", "to_ids": false, "type": "text", "uuid": "2362db28-da2c-40f5-8e15-4a64fb793436", "value": "Name: Foxit Impersonation: Fake PDF Installer Deploys VNC\nAuthor: AlienVault\nAdversary: \nTags: [\"brand abuse\", \"document decoy\", \"ultravnc\", \"social engineering\", \"trojanized installer\", \"foxit impersonation\", \"remote access\"]\nTgtd countries: [\"United States of America\", \"Germany\", \"Ukraine\", \"United Kingdom of Great Britain and Northern Ireland\"]\nMlwr families: [\"UltraVNC\"]\nAttack_ids: [\"T1021.005\", \"T1036.005\", \"T1564\", \"T1204.002\", \"T1071\", \"T1053\", \"T1218.007\", \"T1036\", \"T1218\", \"T1021\", \"T1112\", \"T1204\", \"T1060\", \"T1547.001\", \"T1027\", \"T1059.003\", \"T1221\", \"T1027.002\", \"T1105\"]\nIndustries: []" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545432", "to_ids": true, "type": "sha256", "uuid": "5500368d-7aee-4250-bcf4-6d4f87410561", "value": "87e168467d409be8c3aa8e67d3bc90a10b9769e2f63a0e1bad6b906bfd87ef61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:01/05/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779545434", "to_ids": true, "type": "sha256", "uuid": "ceddc494-d3cf-4f95-ba70-0468059c0f61", "value": "bba4e6028ffa239375d7778b2b5b138b52af0d6a2cfdc99dbadab53373a570f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777610758", "to_ids": true, "type": "url", "uuid": "1bbc4e71-a4da-4f18-9f65-b45e32816940", "value": "http://hallonews.servemp3.com:5500", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1777610779", "to_ids": true, "type": "url", "uuid": "6c566259-161a-458e-b32b-72b4855c79ee", "value": "https://juneuk25.cfd/personalfoxypdf.msi", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "On port 5500", "deleted": false, "disable_correlation": false, "timestamp": "1777610800", "to_ids": true, "type": "hostname", "uuid": "a770815a-051b-497c-831f-10b15c42d6b3", "value": "hallonews.servemp3.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545425", "uuid": "46f52215-bd71-4e5a-a3ce-2cfa7f48a18f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545424", "to_ids": true, "type": "md5", "uuid": "00341032-99ef-4656-a6c3-34930a7b2993", "value": "8e4aca0e510ea932b616f77d767ca5a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545424", "to_ids": true, "type": "sha1", "uuid": "87032ef7-f859-45b3-8574-608f21c1d31f", "value": "e067eac14eafde7ccd99f83ec21fa09a6cfe601a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545425", "to_ids": true, "type": "sha256", "uuid": "a3374bd7-4412-455d-ac2a-743542858ee8", "value": "37c5723aeb725b1aec98da1f776fd841176c687d8ad5c2a14a6ebd831f1615d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777607980", "to_ids": true, "type": "ssdeep", "uuid": "8e2439ce-3dd1-40ff-8173-bab4746a3750", "value": "49152:ZQd1EzE2JV2Ln97hRZtpAMSP/px4568YM+GmuwdGZEN12DKgtQBLb3ZLOLxYaEw8:ZQd1EzZJV2RtRp3SZx456jM5mldG812B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777607980", "to_ids": false, "type": "size-in-bytes", "uuid": "d861f8ac-047a-4d16-b8a0-186617ad2874", "value": "2560000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777607980", "to_ids": true, "type": "vhash", "uuid": "ce941146-7859-4760-979b-9b601f6891e8", "value": "4333ab3d7dd4fcc3736dd7c53f2f874f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777607980", "to_ids": true, "type": "filename", "uuid": "f01e474a-f832-46aa-a7ec-7ade145ba04e", "value": "_37c5723aeb725b1aec98da1f776fd841176c687d8ad5c2a14a6ebd831f1615d1.fpx.infected" }, { "category": "Other", "comment": "Checked: 01/05/2026\nLast-scan\t: 26/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777607980", "to_ids": false, "type": "text", "uuid": "e1af2350-d349-4fb7-bde1-c80fb8365bcf", "value": "Type Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:30/62\nFirst Submission:2025-11-17T11:05:15.000000+00:00\nLast Submission:2025-11-28T07:11:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545427", "uuid": "3430eeb3-4250-4822-9955-1b7e2921b80d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545426", "to_ids": true, "type": "md5", "uuid": "9e798e85-366f-4111-ab86-9138547cb51c", "value": "d6829f4abe09dba254d560f91f56f83b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545427", "to_ids": true, "type": "sha1", "uuid": "f1fe882a-4fa0-45a4-9c55-9ece2113e154", "value": "72230761f27a0d8482c795b1101887cac7acb9d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545427", "to_ids": true, "type": "sha256", "uuid": "b420d74f-7365-4875-95d1-ec7436f2ff87", "value": "b7dbab109e5bf3afffba5571366602154f3ea37053ec210dd3e030d0fcb2dbaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777608002", "to_ids": true, "type": "ssdeep", "uuid": "bebf47c4-c81b-46fb-9dcb-4f707f729e3b", "value": "49152:2FilJpFDSfJ7nvNgzcEnl99Ia3DjZbZdKwmrUIAUA/Jo9:3nDSgl53DtBG9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777608002", "to_ids": false, "type": "size-in-bytes", "uuid": "9cfc6380-7b6a-4a0d-89b5-e821746eaa9a", "value": "3098056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777608002", "to_ids": true, "type": "vhash", "uuid": "05dad441-86a0-450d-a97b-40f3cd9177e7", "value": "036076655d1565155552f4z2700dc7z37z701008f032z1b7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777608002", "to_ids": true, "type": "filename", "uuid": "24c80e60-70fa-4b57-be43-c5e9ce2d70bd", "value": "WinVNC.exe" }, { "category": "Other", "comment": "Checked: 01/05/2026\nLast-scan\t: 30/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777608002", "to_ids": false, "type": "text", "uuid": "53fe656f-666e-45d2-823e-52a2e4afb85c", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:4/71\nFirst Submission:2024-06-17T13:14:38.000000+00:00\nLast Submission:2026-03-12T18:44:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779545430", "uuid": "1f8d1ab3-3536-41b1-9d22-e5210df52b8c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779545429", "to_ids": true, "type": "md5", "uuid": "816d1cb4-cd6d-481c-82ff-ec157bcb9ec2", "value": "34ea936136838b5d495f22cac978928b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779545429", "to_ids": true, "type": "sha1", "uuid": "076b9e77-a133-46a5-8aa4-5dc320c9960f", "value": "d12bfc7fc0014642b5ba5bb7ed63c3542f3b9e0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779545430", "to_ids": true, "type": "sha256", "uuid": "313708bd-29b9-4377-9a4e-f810b6b7bc8d", "value": "08b9cbdae903faf88b8027a12eee29265ff9b192b63aaa371d3d095b8ec00de5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1777608025", "to_ids": true, "type": "ssdeep", "uuid": "7aebc1f5-4b12-4d7e-9b3e-1c86862e7000", "value": "98304:RO0FRb32wODKXz2rmbJU3s6ZghjtmB2P3/CLpkagLGV3bDPWYQf0T8:RO0FRb32wOD02SbJU3ZgrwP3bze1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1777608025", "to_ids": false, "type": "size-in-bytes", "uuid": "fe766840-5440-447e-a6d7-8dc8f9f4cbb2", "value": "5258714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1777608025", "to_ids": true, "type": "vhash", "uuid": "76760fb7-7afe-4f1f-b1e7-f2f76a6f1c14", "value": "056076655d1d1d05156azcc!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1777608025", "to_ids": true, "type": "filename", "uuid": "a9cbe4ee-2892-4b0a-9e44-ad1e73729024", "value": "personalfoxypdf.exe" }, { "category": "Other", "comment": "Checked: 01/05/2026\nLast-scan\t: 27/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1777608025", "to_ids": false, "type": "text", "uuid": "c0c14c5c-2b9f-4da2-9da2-2d1952b54697", "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:38/71\nFirst Submission:2025-10-22T12:11:11.000000+00:00\nLast Submission:2025-11-17T11:51:14.000000+00:00" } ] } ] } }