{
  "Event": {
    "analysis": "1",
    "date": "2026-04-07",
    "extends_uuid": "",
    "info": "[Threat Intel] North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads",
    "protected": false,
    "publish_timestamp": "1776072063",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1776072062",
    "uuid": "df5094a3-139e-4dfe-a285-1b88940255d1",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#201172",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Software Dependencies and Development Tools - T1195.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d3f567",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9f8b1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#4edbe6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Upload Malware - T1608.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#8ed4a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d37d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#ec8ba3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Managers - T1555.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#3909cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#18005e",
        "local": false,
        "name": "rectifyq:topic=\"supply-chain\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Financial Theft - T1657\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775646010",
        "to_ids": false,
        "type": "link",
        "uuid": "157580ea-72ca-47fd-a3c0-6826cf3ea8fa",
        "value": "https://socket.dev/blog/contagious-interview-campaign-spreads-across-5-ecosystems",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775646010",
        "to_ids": false,
        "type": "text",
        "uuid": "e610cdca-98b9-4bb3-b063-15de7763ca7c",
        "value": "A North Korean threat operation has published malicious packages across npm, PyPI, Go Modules, crates.io, and Packagist, impersonating legitimate developer tooling. The campaign uses GitHub aliases including golangorg and aokisasakidev to distribute staged malware loaders that contact actor-controlled infrastructure, retrieve payloads from Google Drive, and deliver platform-specific second-stage malware. The loaders are hidden behind normal-looking API functions in logging and utility libraries. Windows variants include full remote access trojans with capabilities for shell execution, keylogging, browser and wallet theft, sensitive file collection, and AnyDesk deployment. The operation demonstrates coordinated cross-ecosystem supply chain attacks with shared infrastructure patterns, reused extraction directories, and consistent staging logic across multiple programming languages."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775646010",
        "to_ids": false,
        "type": "text",
        "uuid": "9ae31d07-4d05-4c07-875c-b7c530e48db7",
        "value": "Name: North Korea's Contagious Interview Campaign Spreads Across 5 Ecosystems, Delivering Staged RAT Payloads\nAuthor: AlienVault\nAdversary: Contagious Interview\nTags: [\"developer tooling\", \"staged loader\", \"pypi npm\", \"rat\", \"cryptocurrency wallet\", \"contagious interview\", \"north korea\", \"supply chain attack\", \"credential theft\", \"cross-ecosystem\"]\nTargeted countries: []\nMalware families: []\nAttack_ids: [\"T1195.001\", \"T1059.007\", \"T1083\", \"T1041\", \"T1071.001\", \"T1082\", \"T1105\", \"T1217\", \"T1608.001\", \"T1555.003\", \"T1059.006\", \"T1036.005\", \"T1555.005\", \"T1140\", \"T1005\", \"T1119\"]\nIndustries: []"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1775646010",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c01b38aa-7559-47b7-96ba-ac1c6a61840f",
        "value": "Contagious Interview"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VirusTotal\r\nLast check: 13/04/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776018387",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cbb401d8-732d-4b98-be7b-71ccfd7481a0",
        "value": "7c5adef4b5aee7a4aa6e795a86f8b7d601618c3bc003f1326ca57d03ec7d6524",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023536",
        "to_ids": true,
        "type": "domain",
        "uuid": "6428de78-9a9e-4d65-9ec7-af3feb5e76f4",
        "value": "self.run",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023557",
        "to_ids": true,
        "type": "url",
        "uuid": "cc374e97-9c10-4f2d-86a5-cc5f8fb8fae5",
        "value": "github.com/golangorg/formstash",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023578",
        "to_ids": true,
        "type": "url",
        "uuid": "b6053839-2853-4193-a62c-c12ef80a6252",
        "value": "github.com/aokisasakidev/mit-license-pkg",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023599",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c8338c6b-798d-4123-bea3-723c1c6cd0f0",
        "value": "apachelicense.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023620",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bafc3423-9e43-45b2-9f04-04641e9955b3",
        "value": "ngrok-free.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023642",
        "to_ids": true,
        "type": "hostname",
        "uuid": "47182e6f-acf3-4918-876b-27c871ad7d0b",
        "value": "logkit.onrender.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023663",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0053f860-53b3-4e76-b301-b5101f46a83f",
        "value": "logkit-tau.vercel.app",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023685",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8a1d5e4b-8e63-436f-8b70-8d817ba6d30a",
        "value": "66.45.225.94",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023706",
        "to_ids": true,
        "type": "url",
        "uuid": "09770190-3700-4e67-b32b-2734f7bfcf58",
        "value": "drive.google.com/file/d/",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023727",
        "to_ids": true,
        "type": "url",
        "uuid": "cb21c17f-a3cf-4d39-ba96-1d0abce2798a",
        "value": "drive.usercontent.google.com/download?id=",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776007099",
        "to_ids": true,
        "type": "email-src",
        "uuid": "05724b78-f52a-4b2c-b294-5ef25a782f37",
        "value": "aokisasaki1122@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776007099",
        "to_ids": true,
        "type": "email-src",
        "uuid": "712b049a-b0b5-486f-ba98-7e2afc16b2db",
        "value": "shiningup1996@gmail.com"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023750",
        "to_ids": true,
        "type": "url",
        "uuid": "d5b32db6-8441-4e90-8024-fb7201529b2a",
        "value": "https://github.com/golangorg",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023771",
        "to_ids": true,
        "type": "url",
        "uuid": "5bc3daef-e94f-4c26-ad7d-3604a8de72b2",
        "value": "https://github.com/aokisasakidev",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023792",
        "to_ids": true,
        "type": "url",
        "uuid": "3403a1cb-9a42-4dae-9a6c-8f4e9cc772b7",
        "value": "https://github.com/maxcointech1010",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1776023813",
        "to_ids": true,
        "type": "url",
        "uuid": "3d06b3eb-7204-4f39-b61e-bed99ddbc859",
        "value": "https://github.com/maxcointech0000",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776023835",
        "uuid": "675ec49b-f245-4e3a-be6c-f88bde85a21e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776023835",
            "to_ids": true,
            "type": "md5",
            "uuid": "0ba93497-33ce-43f0-8493-f6ad12f94455",
            "value": "f072e036669027428cb7c8048f54c6f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776018385",
            "to_ids": true,
            "type": "sha1",
            "uuid": "baa08137-b407-4880-86e6-77b38bd839b1",
            "value": "35b41c7ea02cdba2aa960311634728faa2488e53",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776018385",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9b34e4ab-5cb6-4211-ae9a-aae8d84a39b2",
            "value": "9a541dffb7fc18dc71dbc8523ec6c3a71c224ffeb518ae3a8d7d16377aebee58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776010920",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c8c5f4ed-d092-46c9-9a24-abc139b18e91",
            "value": "196608:mI6GJceF9lHKYVYFGKenm1kFO2xt8ydcJICnTcUc4moPJO:JNNHEhSm1kFdtrQcUc4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776010920",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4797e2f2-af56-4936-be5e-b3d8ed9c81a3",
            "value": "33788824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776010920",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7169661b-7974-44e1-9bc9-fc940d4cd61d",
            "value": "b984ff614b93bc2ee7e6fd41fbb739f5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1776010920",
            "to_ids": true,
            "type": "filename",
            "uuid": "f4d4c3ea-6159-4bfa-a535-e04a731d553a",
            "value": "systemd-resolved"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/04/2026\nLast scan: 10/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776010920",
            "to_ids": false,
            "type": "text",
            "uuid": "5baa438d-788e-4f6a-9d67-f24e065f8d6b",
            "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:14/65\nFirst Submission:2026-03-26T21:13:23.000000+00:00\nLast Submission:2026-03-26T21:13:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1776023856",
        "uuid": "816c0616-e85b-4a74-84d0-946e1c9cdb49",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1776023856",
            "to_ids": true,
            "type": "md5",
            "uuid": "c8ccdfdc-b464-4614-9d6d-2d7cb52ee882",
            "value": "53a1928314fde2e8f19eaa09f3df0721",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1776018386",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5790ca33-ddd2-469c-9a83-9aa6877f4229",
            "value": "e206e91956d652123325c6c78e99e5cd64cb72e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1776018386",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86cf94de-a73b-4daf-8903-a80d2064c1ca",
            "value": "bb2a89001410fa5a11dea6477d4f5573130261badc67fe952cfad1174c2f0edd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1776010942",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a9f922a0-ea16-4d72-ab24-39f3ebc40253",
            "value": "98304:7aKcuo8Z60e1f0h/ecktr59jrBRN/tPr5Zefw6pNfGNpK9V+zu/3PQPTu3dXGzyR:coCJHNdUKjMd1j0maD1R+nG27y+GJQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1776010942",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac79795a-c20c-48a2-b026-f4f2163091b0",
            "value": "26656992"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1776010942",
            "to_ids": true,
            "type": "vhash",
            "uuid": "378d2c42-acf2-4df7-b96e-78d16714808f",
            "value": "ad355d63ab65ad882c36c45069b52ec1"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/04/2026\nLast scan: 10/04/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1776010942",
            "to_ids": false,
            "type": "text",
            "uuid": "950755b8-70bc-4716-abea-1aa24d0d1280",
            "value": "Type Description: Mach-O\nMicrosoft: Trojan:MacOS/Multiverze!rfn\nVT Total Detection:15/64\nFirst Submission:2026-03-26T21:17:25.000000+00:00\nLast Submission:2026-04-07T07:20:12.000000+00:00"
          }
        ]
      }
    ]
  }
}