{
  "Event": {
    "analysis": "1",
    "date": "2026-05-05",
    "extends_uuid": "",
    "info": "[Threat Intel] A rigged game: ScarCruft compromises gaming platform in a supply-chain attack",
    "protected": false,
    "publish_timestamp": "1779546381",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1779546381",
    "uuid": "db7f9dfd-de5e-49e9-93c9-ad0a6887cd52",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#8675c7",
        "local": false,
        "name": "misp-galaxy:producer=\"ESET\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#6440db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bd28",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Environmental Keying - T1480.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9bb6d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Password Stores - T1555\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#9edfba",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad3992",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#30cc3b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#d596aa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1195.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ee8d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
        "relationship_type": ""
      },
      {
        "colour": "#adf1b0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Proxy - T1090\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Upload Malware - T1608.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#9dc839",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT37\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#5f0077",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"AndroidOS\"",
        "relationship_type": ""
      },
      {
        "colour": "#7f009f",
        "local": false,
        "name": "ms-caro-malware:malware-platform=\"WinNT\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1532\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1481.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Supply Chain - T1474.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1533\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1646\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Foreground Persistence - T1541\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1513\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777978807",
        "to_ids": false,
        "type": "link",
        "uuid": "049726f9-7922-402f-947e-ebb35f6edf91",
        "value": "https://www.welivesecurity.com/en/eset-research/rigged-game-scarcruft-compromises-gaming-platform-supply-chain-attack/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777978807",
        "to_ids": false,
        "type": "text",
        "uuid": "afac27eb-b396-45f6-b8ac-76cd3a6bdd17",
        "value": "North Korea-aligned APT group ScarCruft executed a multiplatform supply-chain attack targeting ethnic Koreans in China's Yanbian region, an area significant for North Korean refugees and defectors. Since late 2024, the group compromised a video gaming platform dedicated to Yanbian-themed games, trojanizing both Windows and Android components with the BirdCall backdoor. The Windows client received malicious updates leading to RokRAT and subsequently BirdCall deployment, while Android games were directly trojanized. This marks the first discovery of Android BirdCall, capable of comprehensive surveillance including data collection, screenshots, and voice recording. The campaign focuses on espionage against individuals of interest to the North Korean regime, particularly refugees and defectors."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1777978807",
        "to_ids": false,
        "type": "text",
        "uuid": "be9c03dd-2242-456e-bc59-5abdac9892a9",
        "value": "Name: A rigged game: compromises gaming platform in a supply-chain attack\nAuthor: AlienVault\nAdversary: APT37\nTags: [\"supply-chain attack\", \"birdcall\", \"android trojan\", \"yanbian targeting\", \"gaming platform compromise\"]\nTgtd countries: []\nMlwr families: [\"BirdCall\", \"ROKRAT - S0240\"]\nAttack_ids: [\"T1585\", \"T1046\", \"T1497\", \"T1480.001\", \"T1083\", \"T1082\", \"T1555\", \"T1005\", \"T1587.001\", \"T1056\", \"T1140\", \"T1584.004\", \"T1070.004\", \"T1195.002\", \"T1112\", \"T1113\", \"T1090\", \"T1608.001\", \"T1027\", \"T1059.003\", \"T1115\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778369016",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "f8a36e15-8f1c-49f5-80ed-2678d8424e6d",
        "value": "ScarCruft",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:threat-actor=\"APT37\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
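        "comment": "Review note: zohomail.com is the shared domain of a legitimate mail provider; with to_ids set to true it will also match benign traffic, so confirm the intended scope against the source report before using it for blocking.",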
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625641",
        "to_ids": true,
        "type": "domain",
        "uuid": "ab3756a8-4f5b-45ea-8165-8dbbfa4f88be",
        "value": "zohomail.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546373",
        "to_ids": true,
        "type": "sha1",
        "uuid": "f9e3fccf-ed9f-4126-a39d-cd383f4f3cf1",
        "value": "21ca0287ec5eaee8fb2f5d0542e378267d6ca0a6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546375",
        "to_ids": true,
        "type": "sha1",
        "uuid": "efad88a7-5ed2-4566-aa1c-2f5d10e1f1b3",
        "value": "5b70453ab58824a65ed0b6175c903aa022a87d6a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546377",
        "to_ids": true,
        "type": "sha1",
        "uuid": "4bc15688-cdd8-4215-b600-87d479dd669b",
        "value": "d9a369e328ea4f1b8304b6e11b50275f798e9d6b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546379",
        "to_ids": true,
        "type": "sha1",
        "uuid": "0732a93c-57c6-4969-b268-900891795287",
        "value": "f9f6c0184cee9c1e4e15c2a73e56d7b927ea685b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625662",
        "to_ids": true,
        "type": "domain",
        "uuid": "889f97d5-b0b4-40ac-b9a0-0ddb5fb6fc6b",
        "value": "1980food.co.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Downloader leading to the RokRAT backdoor. No sample in VT\r\nLast check:13/05/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1779546381",
        "to_ids": true,
        "type": "sha1",
        "uuid": "0bcd81ea-3145-4c9b-b4ae-939f76efb6c7",
        "value": "409c5acaed587f62f7e23da47f72c4d9ec3144d9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625684",
        "to_ids": true,
        "type": "domain",
        "uuid": "0a3ee393-2eac-4b26-97b2-fc73ccdf879c",
        "value": "cndsoft.co.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625705",
        "to_ids": true,
        "type": "domain",
        "uuid": "8b38dac9-ecaf-4026-a4a7-f84021b0bac6",
        "value": "colorncopy.co.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625726",
        "to_ids": true,
        "type": "domain",
        "uuid": "d30b4af6-6f2b-4e39-98d2-674d9ef2a7f4",
        "value": "sejonghaeun.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625747",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a3068421-afb8-475f-9c4b-90fe617a4b81",
        "value": "www.inodea.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625769",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bc685c80-2009-4f97-aeee-d678e3b2c060",
        "value": "www.lawwell.co.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625790",
        "to_ids": true,
        "type": "domain",
        "uuid": "bf5078d2-096a-4959-8484-b7514f20d9e5",
        "value": "inodea.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625811",
        "to_ids": true,
        "type": "domain",
        "uuid": "9ec008b3-8e4c-4378-94d0-0e3ebcc044fd",
        "value": "sqgame.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625832",
        "to_ids": true,
        "type": "domain",
        "uuid": "23e2e00f-8352-4a17-9e61-4883a57aee20",
        "value": "sqgame.com.cn",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625853",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9f3f35dd-9f9b-4582-ba34-55cd2c807ae0",
        "value": "www.sqgame.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625874",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bc8d4005-c741-490a-ba08-9e5a7cd3a562",
        "value": "xiazai.sqgame.com.cn",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised sqgame site hosting trojanized games and malicious updates.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625895",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7c6f4555-2ea4-4ba2-a5c1-a41b7526c13e",
        "value": "39.106.249.68",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625917",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5ea4ca27-353f-475d-be83-1a79e8b359c0",
        "value": "sqgame.com.cn",
        "Tag": [
          {
            "colour": "#669ae5",
            "local": false,
            "name": "AlreadyExistsError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host Android BirdCall configuration.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625938",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b76afcbb-4fb2-40aa-a538-b5293b422849",
        "value": "211.239.117.117",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625959",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5b18c9b2-1530-4da5-93c2-a51415380cfd",
        "value": "1980food.co.kr",
        "Tag": [
          {
            "colour": "#669ae5",
            "local": false,
            "name": "AlreadyExistsError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host Android BirdCall configuration.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778625980",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5806a16c-3b39-4714-a003-fb736cb06897",
        "value": "114.108.128.157",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host shellcode and clean mono library.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626001",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d1239014-04a4-471e-82f8-fa61ed125b98",
        "value": "221.143.43.214",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host shellcode.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626022",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "33b54a46-2b51-48e6-998d-e2a475bcddf3",
        "value": "222.231.2.20",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626043",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2efa13dd-da95-43ab-8daf-06ee5825f649",
        "value": "colorncopy.co.kr",
        "Tag": [
          {
            "colour": "#669ae5",
            "local": false,
            "name": "AlreadyExistsError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626064",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d87bb6ed-5745-4f84-b729-72d0b08fab6a",
        "value": "swr.co.kr",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host clean mono library.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626085",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d9ec84f9-9649-42bd-9409-da724ba08d7f",
        "value": "222.231.2.23",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Compromised South Korean site used to host shellcode.",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626107",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "97a41dd5-c9da-4426-a60f-5e3c7d535396",
        "value": "222.231.2.41",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626128",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c3a769b4-e317-49e5-85cf-2e52463f64a1",
        "value": "cndsoft.co.kr",
        "Tag": [
          {
            "colour": "#669ae5",
            "local": false,
            "name": "AlreadyExistsError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626149",
        "to_ids": true,
        "type": "url",
        "uuid": "21ee2c81-1850-4bc2-9de8-684e02d93f89",
        "value": "http://www.lawwell.co.kr/upload/me.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626171",
        "to_ids": true,
        "type": "url",
        "uuid": "b723ca29-853a-48c8-93fb-bb45b7436a91",
        "value": "http://cndsoft.co.kr/jbcgi/zmSpamFree/Fonts/me.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626192",
        "to_ids": true,
        "type": "url",
        "uuid": "1acebd64-1a45-49a8-922a-989d96f28e38",
        "value": "http://colorncopy.co.kr/ino/FileUpload/Online/004313.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626213",
        "to_ids": true,
        "type": "url",
        "uuid": "3d43c566-4b77-4f31-a63e-58f4eb0400c1",
        "value": "http://sejonghaeun.com/board/data/notice/1458796029/passenger_logo.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626235",
        "to_ids": true,
        "type": "url",
        "uuid": "e37f2490-afe9-4d46-b1f7-f64744c7edc8",
        "value": "http://www.lawwell.co.kr/img/bgcontrol.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626256",
        "to_ids": true,
        "type": "url",
        "uuid": "0494d832-9e1c-4558-9796-7a4cc2bd7bb4",
        "value": "http://swr.co.kr/html/favicon.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626277",
        "to_ids": true,
        "type": "url",
        "uuid": "0ed196e4-796a-4415-918e-f330aea4027c",
        "value": "http://1980food.co.kr/board/userfiles/202387463_editor_image.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1778626298",
        "to_ids": true,
        "type": "url",
        "uuid": "d45fa434-4a52-438c-b415-cac031fdd75b",
        "value": "http://www.inodea.com/inobbs/data/ibd00_board2/11.jpg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546350",
        "uuid": "e57e890d-2c60-4156-9028-8e9aef9280c1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546349",
            "to_ids": true,
            "type": "md5",
            "uuid": "2fc5adca-a16a-4bd6-a36e-a8c9e99103d0",
            "value": "1f3c8879349d5fcf973abbcee82fd069",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546350",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ac3202e-813d-4ca7-a059-75960551f44c",
            "value": "2c6cc71b7e7e4b28c2c176b504bc5bdb687c4d41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546350",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5fb46852-520a-43a8-8119-0d1c74bf0840",
            "value": "88d7aa96f00bcec816130950f4b851dddb17dcac82a05485f024266dc98713b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621901",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "202fac68-8e26-4032-a90a-5272d135146c",
            "value": "49152:ZGtlqy55lzjn5QX52bbC+B4x9xhMf+PZIU6i6TMKBPz:m5nnBej++e"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621901",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bc89a3f-ed31-48dc-9821-50f33bf35664",
            "value": "1852416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621901",
            "to_ids": true,
            "type": "vhash",
            "uuid": "00e8165d-bd4b-495b-80ed-2eae17414637",
            "value": "016076656d556d155550b5z600987za047z31zf1zcbz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621901",
            "to_ids": true,
            "type": "filename",
            "uuid": "c66e3c6c-2fba-4978-9c37-deebb6c522eb",
            "value": "1h33v8a8.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621901",
            "to_ids": false,
            "type": "text",
            "uuid": "86ef14d7-f71b-4e59-87df-79a89d5448e4",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:44/71\nFirst Submission:2025-09-07T06:25:25.000000+00:00\nLast Submission:2025-09-07T06:25:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546353",
        "uuid": "cdb50ee7-7834-43d2-96f3-2ae22003a4d6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.3.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546352",
            "to_ids": true,
            "type": "md5",
            "uuid": "dc9b37be-dd20-45e0-b213-ae5c2cb09041",
            "value": "7331602726f61959d8f0e7820d457370",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.3.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546352",
            "to_ids": true,
            "type": "sha1",
            "uuid": "65fa07ef-b095-4a10-8303-bdb3d57bdd47",
            "value": "03e3ece9f48cf4104aafc535790ca2fb3c6b26cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.3.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546353",
            "to_ids": true,
            "type": "sha256",
            "uuid": "acbec809-8592-4bac-82b8-29363b67fe68",
            "value": "33d887ca2e57fa03fc807dfba5376bf96718ee88f56e90d95ee4896a2c019bd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778621986",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aa25646c-03f7-4009-9c2a-8f0873b4d6db",
            "value": "786432:LTOK8KPxadaT1twfJTupFFyRGsMjI9cO8GDB5oFit2/Dj2Jm3cNXSLsFD0fE55m:LTOXKPosT3OTbGznOB5vej2JhXEsgE5I"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778621986",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d92ece2c-1c64-4968-b324-959c32caaca4",
            "value": "49922402"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778621986",
            "to_ids": true,
            "type": "vhash",
            "uuid": "46581799-cab3-482f-bc02-0cf9343e008b",
            "value": "4e38ce7c934f9f670e3c9d8dbbb65d4e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778621986",
            "to_ids": true,
            "type": "filename",
            "uuid": "7fe27b66-b163-44be-becb-98ec9a62120c",
            "value": "ybht.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778621986",
            "to_ids": false,
            "type": "text",
            "uuid": "cdf2a306-e525-41a4-b78e-4b81e94f034c",
            "value": "Trojanized game with Android BirdCall version 1.3.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:19/67\nFirst Submission:2025-03-03T13:27:37.000000+00:00\nLast Submission:2026-05-08T01:32:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546355",
        "uuid": "3fe1bf4b-c28d-43e1-86ca-b75f0bcba07d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 2.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546355",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9ca9d72-06df-4cb8-b8c1-0ef284355af9",
            "value": "23a1eacad84be4f2c5830755b1948582",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 2.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546355",
            "to_ids": true,
            "type": "sha1",
            "uuid": "47e4e189-0fff-4438-bb37-00982c3442af",
            "value": "01a33066fbc6253304c92760916329abd50c3191",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 2.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546355",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5a0a9514-237e-4a16-8030-4a0846bfb7c7",
            "value": "415b253a81e67c8c860a97c73edc9017ce732b3c025d943d3b1a445b4ac82822",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622007",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b67e0259-427d-44ff-8194-08631dafa270",
            "value": "786432:VxSAncVf2HrTxONQDjJHm5BXIVhEKw/aHIqNorSYaVZACxihlDAVZj/12ycKM0im:VRm2HrT8+D1Hm5aVhBIkor+1xql8jjtr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622007",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "52740000-0633-4ebf-b624-95ac0ea2139d",
            "value": "43839521"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622007",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ecd7929a-625e-4888-ba21-b0f4c1f8c775",
            "value": "e8ce44254cd636e2143426383c6ce9b9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622007",
            "to_ids": true,
            "type": "filename",
            "uuid": "29e09d99-c759-40ff-9029-9e0d98b4277b",
            "value": "2438987_sqybhs.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622007",
            "to_ids": false,
            "type": "text",
            "uuid": "e596b545-2a13-4cd2-b132-ec7f3a50b105",
            "value": "Trojanized game with Android BirdCall version 2.0.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:21/68\nFirst Submission:2025-07-03T16:13:40.000000+00:00\nLast Submission:2025-07-03T16:13:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546358",
        "uuid": "ec21291d-dfae-4ace-9cf5-3ee6092465f4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546357",
            "to_ids": true,
            "type": "md5",
            "uuid": "3262adf4-904f-4d21-a8bc-8144e6d13c4d",
            "value": "a0830ce48537ba052f1d3b905d11a5bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546358",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b998126-b0ef-484d-93c2-aed9e4ca6557",
            "value": "2b81f78ec4c3f8d6cf8f677d141c5d13c35333af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546358",
            "to_ids": true,
            "type": "sha256",
            "uuid": "725b46c7-f9c6-4796-824c-1963e4b447bf",
            "value": "dfa9c6adac98311d0f62e0eeecb947d92f7bda41ddf4ce9a6f9e20af7990422d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622029",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "af246746-883b-410f-83e4-a84db4e89ad9",
            "value": "786432:11BOK8nPxad9ecAnfVf2HrTxONQDjJQm5BXIVhEKw/aHIqNorSYa88dC5SZdig9f:11BOXnPoa9d2HrT8+D1Qm5aVhBIkoraD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622029",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "788597d1-b317-4d79-b6fc-df12c13f142a",
            "value": "48444008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622029",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9384687-e2b0-4c5d-b7c4-fed6bd525765",
            "value": "27222bbbb05c991cbb46ab1a3758716e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622029",
            "to_ids": true,
            "type": "filename",
            "uuid": "8c123a3f-6d6f-422c-9d29-35ffeaaaccbd",
            "value": "2388878_sqybhs.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622029",
            "to_ids": false,
            "type": "text",
            "uuid": "0c5701d9-46e2-40d9-a009-60460002315c",
            "value": "Trojanized game with Android BirdCall version 1.5.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:21/69\nFirst Submission:2025-03-13T13:15:01.000000+00:00\nLast Submission:2025-03-13T13:15:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546361",
        "uuid": "5233be92-3658-4a69-9e70-6734d9b827fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546360",
            "to_ids": true,
            "type": "md5",
            "uuid": "7ac813c6-3468-4b1d-ae2b-b1f0f2bbc971",
            "value": "a48b62e55a692bf6d1046d2be64d7150",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546360",
            "to_ids": true,
            "type": "sha1",
            "uuid": "021225af-8035-428e-9af9-91145d9b24da",
            "value": "59a9b9d47ae36411b277544f25ad2cc955d8dd2c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546361",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2269797d-aecb-41b5-a812-8976ec2aaa28",
            "value": "5aa7afd790481ad98357636fa4d9927ae01111409c8d7ce69998d2485c1d5e6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622072",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "be3aa1fb-0e67-4800-9c44-b1a13d0ea738",
            "value": "786432:WcSfRJhNd/pTqtwfJTupFFyRG8YjI9cO81PsdgFWNyHLvaFmb0N/ydEdnMfE55l:WHfRFDT2OTbGDnVsd3SvaFx/eEQE55l"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622072",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e487241b-985a-4f42-bf02-06e23b40e403",
            "value": "49836151"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622072",
            "to_ids": true,
            "type": "vhash",
            "uuid": "52d89365-6d83-4cfc-8803-b17631c8d50d",
            "value": "df2c7899ee07f9f6b6e245880d94839f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622072",
            "to_ids": true,
            "type": "filename",
            "uuid": "89a4acbe-e4e2-40c2-a4ac-7310b75b4052",
            "value": "2362741_ybht.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622072",
            "to_ids": false,
            "type": "text",
            "uuid": "27347de6-f730-45f5-81ff-aff304ea54f6",
            "value": "Trojanized game with Android BirdCall version 1.0.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:19/67\nFirst Submission:2025-03-01T13:08:32.000000+00:00\nLast Submission:2025-03-03T06:46:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546363",
        "uuid": "b9734eeb-172c-461a-bb0d-118ed9d1406f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546363",
            "to_ids": true,
            "type": "md5",
            "uuid": "10c2ef22-ada4-4587-b703-0aba3ee1a8a5",
            "value": "72ac1287a8d71b27c437ec1f379ab506",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546363",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3fe560f9-b5b4-46fe-955e-3c820df31f11",
            "value": "7356d7868c81499fb4e720f7c9530e5763b4c1d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.0.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546363",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1c56831c-e0ad-48dd-b51c-45e36a499479",
            "value": "95cda8431419f77407484ab72dc1e356421dcd801eccabe8869f77ee0eb58eb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622094",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5671c4a-62c0-444e-95c6-cfcabad54369",
            "value": "786432:zSfRhhNd/QAn1Vf2HrTxONQDjJ7m5BXIVhEKw/aHIqNorSYaVbxCV6JtYbO1sPW2:GfRtbn2HrT8+D17m5aVhBIkorKIVOtGx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622094",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0113015a-5c8d-474e-9f6b-d36eb0373b22",
            "value": "47009967"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622094",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6a2d8ae0-81ee-4e52-bcb0-bfed5adea754",
            "value": "0cb83849e81da57874ab02305d2e3087"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622094",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf847548-2965-447e-8aa3-50503e2342cc",
            "value": "2362819_sqybhs.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622094",
            "to_ids": false,
            "type": "text",
            "uuid": "fe939231-a943-4506-92a4-c14978246af4",
            "value": "Trojanized game with Android BirdCall version 1.0.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:21/68\nFirst Submission:2025-02-27T14:42:16.000000+00:00\nLast Submission:2025-02-27T14:42:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546366",
        "uuid": "cbefbcc5-11ce-4cd3-81a6-9282ce8f8235",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized mono library.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546365",
            "to_ids": true,
            "type": "md5",
            "uuid": "291d0bb3-dc49-42cb-b17e-de12aacf8d0a",
            "value": "e862d56da1077be740ffaa7b5b699675",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized mono library.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546366",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b2d836bb-73fc-42df-af44-cf3a7ea31003",
            "value": "95bdb94f6767a3cce6d92363bbf5bc84b786bdb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized mono library.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546366",
            "to_ids": true,
            "type": "sha256",
            "uuid": "69f38364-91e6-424f-a748-df2d7e857c68",
            "value": "751c8bda62110a0de6eb097f5c7955b1308f2d4acc2fc002a62cd9a59d59d912",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622115",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3a2b434-0944-4cda-a596-1410db032938",
            "value": "49152:+UreA+7osxvRZqEJocDeYqkFEmTLLNid8fTaUvDSiraCREmS9:CHZvoaJwPi/mF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622115",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9cd55fc7-c9f2-493f-bea5-4e51da140497",
            "value": "2377216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622115",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c8541b0a-ba8e-4703-9cf9-6bd6d6c9f25e",
            "value": "126056655d15556148zb57z60a053z23z3031z4264z2fd"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622115",
            "to_ids": false,
            "type": "text",
            "uuid": "a71e88ff-f14d-4360-a608-8d740d22bd0e",
            "value": "Trojanized mono library.\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:36/71\nFirst Submission:2025-03-18T10:52:43.000000+00:00\nLast Submission:2025-03-18T10:52:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546369",
        "uuid": "4c49969a-b033-4631-bf9e-292debb0e890",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Publicly available dump of Windows BirdCall backdoor.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546368",
            "to_ids": true,
            "type": "md5",
            "uuid": "8fc9be32-f668-45de-8113-578e49610a40",
            "value": "2d397a2ca2d3bfc9c7a509d04376547b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Publicly available dump of Windows BirdCall backdoor.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546368",
            "to_ids": true,
            "type": "sha1",
            "uuid": "30a8ab67-c3eb-4710-90cf-64525781cd66",
            "value": "b06110e0feb7592872e380b7e3b8f77d80dd1108",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Publicly available dump of Windows BirdCall backdoor.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546369",
            "to_ids": true,
            "type": "sha256",
            "uuid": "66a4dac0-95d1-411d-aaab-29838a2873ac",
            "value": "1b357efafbcf7d0fc7a94b81654982024255a38d9922a0ce2434b7e0e6287796",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622137",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c179db8c-2a8b-4893-9d3f-2af4e1628d50",
            "value": "49152:1lqPEHmICDnMy1xuy+L+nWYmGzYbgbCN2zwRDVIj1d9PTZHIPI:1XrZanWYmG0hE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622137",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a57fbee1-cd17-4bd5-bb24-8c7a73796543",
            "value": "3653632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622137",
            "to_ids": true,
            "type": "vhash",
            "uuid": "15dc23d9-c557-47ac-8d30-a0b160bdb211",
            "value": "13607e0e6e1e1e5e1e5019z13z1@z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622137",
            "to_ids": true,
            "type": "filename",
            "uuid": "cf2a2134-3fb4-4382-b3bb-9a17d8a423d0",
            "value": "wsl.exe.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622137",
            "to_ids": false,
            "type": "text",
            "uuid": "8a0b8505-5307-4e94-bfaa-291abc510180",
            "value": "Publicly available dump of Windows BirdCall backdoor.\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Ravartar!rfn\nVT Total Detection:38/71\nFirst Submission:2024-07-15T07:30:45.000000+00:00\nLast Submission:2024-07-15T07:30:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1779546371",
        "uuid": "136e338a-8659-402c-8fce-3896a220bd66",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1779546371",
            "to_ids": true,
            "type": "md5",
            "uuid": "b9d961bd-8080-4df2-9a85-b122bec5178c",
            "value": "3d3d2dc34f01bcf890f185a5421836c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1779546371",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f38744b-c9a8-4856-a1f8-08e4ac1b9d08",
            "value": "fc0c691db7e2d2bd3b0b4c1e24d18df72168b7d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized game with Android BirdCall version 1.5.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1779546371",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0fdf49d6-9a0e-410f-b7e7-4388ed517dd8",
            "value": "185633e5dbe9235fc7e6a1ccb8631650afefd8f7da88c5c07d9b99ea38159822",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1778622159",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "20d28b50-a930-4e3c-8aa7-d852fa721587",
            "value": "786432:k3OK8fPxadMAntVf2HrTxONQDjJYm5BXIVhEKw/aHIqNorSYaPtHCFydFkHVpz/q:k3OXfPovv2HrT8+D1Ym5aVhBIkorWiFo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1778622159",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4ce92f36-b6de-479c-853c-66bee8df4c4f",
            "value": "47100314"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1778622159",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c168996f-5a80-4242-939a-af8a3c49172d",
            "value": "9bb2dda1415a7ea9144ff5f096533fee"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1778622159",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d5d7caa-411f-4289-90d4-e833aa57efc8",
            "value": "sqybhs.apk.1.1.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/05/2026\nLast-scan\t:  12/05/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1778622159",
            "to_ids": false,
            "type": "text",
            "uuid": "06ef82a0-a716-4617-a847-8467dee48ca3",
            "value": "Trojanized game with Android BirdCall version 1.5.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:22/68\nFirst Submission:2025-03-07T13:00:19.000000+00:00\nLast Submission:2026-05-11T06:00:20.000000+00:00"
          }
        ]
      }
    ]
  }
}