{
  "Event": {
    "analysis": "1",
    "date": "2026-03-18",
    "extends_uuid": "",
    "info": "[Threat Intel] Iran \u2014 US/Israel Conflict, how is it impacted Malaysia Organisation?",
    "protected": false,
    "publish_timestamp": "1776070482",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1774048909",
    "uuid": "12ec4fe2-55a7-4cd4-b7d4-f3acf5d223e0",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"united states of america\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT35\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT42\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Cyber Av3ngers\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Fox Kitten\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"OilRig\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773998366",
        "to_ids": false,
        "type": "link",
        "uuid": "0ff6e1c9-bfc2-41fc-9836-d527dce4f471",
        "value": "https://medium.com/@StampedeOps/iran-us-israel-conflict-how-is-it-impacted-malaysia-organisation-8ec8e3535959"
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028208",
        "to_ids": true,
        "type": "domain",
        "uuid": "d8d0a647-19ac-4b68-8b71-d4449b1aa973",
        "value": "stratioai.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028229",
        "to_ids": true,
        "type": "domain",
        "uuid": "d51910cf-2f23-4f4a-b1e9-001896edae3f",
        "value": "moodleuni.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028250",
        "to_ids": true,
        "type": "hostname",
        "uuid": "fff84912-bcf4-419f-b36f-b7c9361309c9",
        "value": "nomercys.it.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028272",
        "to_ids": true,
        "type": "domain",
        "uuid": "296dcdd1-a6c8-4a5b-9ccb-a0a4a7c8bf2e",
        "value": "bootcamptg.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028293",
        "to_ids": true,
        "type": "hostname",
        "uuid": "81ffbbc8-e2dd-47f8-ba14-238321ae292b",
        "value": "sso.moodleuni.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028314",
        "to_ids": true,
        "type": "domain",
        "uuid": "3cd97a64-5b73-4d16-9848-7df608eeee5d",
        "value": "bookairway.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028336",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4f5ae9d8-6782-4a06-9d29-e1c1662dce1d",
        "value": "sso.facetalk.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028357",
        "to_ids": true,
        "type": "domain",
        "uuid": "71303c4a-f64b-41f2-8817-8423e62deb69",
        "value": "netivtech.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028379",
        "to_ids": true,
        "type": "domain",
        "uuid": "6e5070a8-07b0-4a9b-b1eb-6b46fda0b9de",
        "value": "processplanet.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028400",
        "to_ids": true,
        "type": "domain",
        "uuid": "966f2469-51fd-4199-ab33-58c126b94cdc",
        "value": "screenai.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028421",
        "to_ids": true,
        "type": "domain",
        "uuid": "64559377-7c7c-41a3-9ea8-9a3091e01044",
        "value": "pharmacynod.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028443",
        "to_ids": true,
        "type": "domain",
        "uuid": "e7ff9893-2cdd-4d6e-9b25-98b578dfacfa",
        "value": "facetalk.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028465",
        "to_ids": true,
        "type": "domain",
        "uuid": "5203d00d-03b0-4dbe-a5b1-cb0b8f162110",
        "value": "photosjournalism.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028486",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a2725cdd-c107-47c7-a72c-ef3568d89b45",
        "value": "165.227.82.147",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028507",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a9edc9d1-0908-4248-a2ba-b3c178417393",
        "value": "194.11.246.101",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028529",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "28970b45-6884-4412-95d5-ed4ac29485f0",
        "value": "157.20.182.49",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028552",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7ce22a21-9306-4357-8834-92075d15acbb",
        "value": "161.35.228.250",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028573",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "587f3d1e-7c96-4bca-9ab8-c8a750c52409",
        "value": "195.20.17.189",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028594",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9340d128-157c-4bbf-bc75-ec62ccaf87bb",
        "value": "62.106.66.112",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028616",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7d7204f2-91b2-4b51-9b8f-8027c7f91987",
        "value": "159.198.68.25",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028638",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6b9d5ee6-6c60-4b2a-abe4-aafa7dd55236",
        "value": "159.65.227.190",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028659",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "520a4ebd-8c65-43de-80ab-7c85d985fc65",
        "value": "18.116.63.2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028681",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a71ce720-df10-4952-baf2-bc7a4ab60009",
        "value": "209.74.87.100",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028702",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "56d62fdd-350f-4ca0-9dcf-89d001da271c",
        "value": "35.175.224.64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028723",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0ca378f0-2463-4e7b-a247-2d002914325b",
        "value": "159.198.66.153",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028745",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ef4c6de1-26b6-42d3-b2d4-2bda65f47a0c",
        "value": "143.198.5.41",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028767",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3fe921ff-d602-436c-ad2d-3dee3e719d2c",
        "value": "18.223.24.218",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to MuddyWater",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028788",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7e469aee-c278-42ad-8a34-e4e6e78242c7",
        "value": "185.128.139.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028106",
        "to_ids": true,
        "type": "sha1",
        "uuid": "527660c1-7d86-47fd-8553-b917ad7dd42c",
        "value": "2d5b8da0d0719e6f8212497d7e34d5f1b1fa6776",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028107",
        "to_ids": true,
        "type": "md5",
        "uuid": "63a6de26-2ef0-41cd-a214-bd38a6a31be7",
        "value": "8db7338c487143a4d43ed1a22fec49a7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028108",
        "to_ids": true,
        "type": "md5",
        "uuid": "b6e31244-a325-426e-abd7-6867c89a453f",
        "value": "f5dd107eaca971f24effbaf598119ca1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028110",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e2e3eb1c-31e4-479f-9df2-aac3f4100796",
        "value": "4d6bf3834e9afb8e3c3861bf2ad64a68d9c7d870",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028111",
        "to_ids": true,
        "type": "md5",
        "uuid": "cb1b662c-17f1-4ec2-b694-aec14ad2e06a",
        "value": "943981571f4e095063850c26158835b8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028111",
        "to_ids": true,
        "type": "md5",
        "uuid": "a65b60d9-f60d-4e05-a958-d75a5e25f726",
        "value": "25d3a014c332aaa3adce429d0e714e31",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028113",
        "to_ids": true,
        "type": "md5",
        "uuid": "bc479a70-296e-4921-9133-539939066007",
        "value": "7d887893a6107d7ae902e6771f30e080",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028114",
        "to_ids": true,
        "type": "md5",
        "uuid": "defeadbb-0889-4ada-98e6-6a53e8ab0c26",
        "value": "63080b45ca4978fb5d2d71387dbaf610",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028116",
        "to_ids": true,
        "type": "md5",
        "uuid": "9f6ba2c5-1e8a-4eb7-8cce-fc2f2010a93b",
        "value": "a933c623e3b047292efd55e0e424c732",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028117",
        "to_ids": true,
        "type": "sha1",
        "uuid": "27d3ef0c-7683-4cb1-8924-3ae1e1cdedc4",
        "value": "544bf4f9e5fdb4d35987b4c25f537213ce3c926a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35 No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028119",
        "to_ids": true,
        "type": "md5",
        "uuid": "71161a42-1ff2-481e-a038-c026a7388ce7",
        "value": "67e09818d1aa650896a432b1de54d376",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to APT35. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028120",
        "to_ids": true,
        "type": "md5",
        "uuid": "6775004f-896f-4259-a233-5fb49915419d",
        "value": "424f887f651371aa3058cf7c8e908d2a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028810",
        "to_ids": true,
        "type": "domain",
        "uuid": "d55a2cc7-ded3-4733-a511-6919aeabcf54",
        "value": "unityprogressall.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028832",
        "to_ids": true,
        "type": "domain",
        "uuid": "15699ccc-85bd-4ab5-be58-9fd19f7962a0",
        "value": "transfergocompany.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028853",
        "to_ids": true,
        "type": "domain",
        "uuid": "e7518dfa-8726-4bdc-945c-52a46eb52ff8",
        "value": "defenceprodindia.site",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028876",
        "to_ids": true,
        "type": "domain",
        "uuid": "de55aa29-a767-49ef-9ad8-2c0c24084872",
        "value": "mojavemassageandwellness.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028897",
        "to_ids": true,
        "type": "domain",
        "uuid": "330c9eb2-2043-4c61-a8f2-86a314aa73f7",
        "value": "supervisor-intendant.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028918",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f02a9ed7-b350-4ce0-ba17-354b57bd751c",
        "value": "185.132.176.13",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028940",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "06e101e3-d9e7-43d1-b127-6b54ca2a8e3b",
        "value": "195.160.220.202",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT35",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028962",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "76a59993-90e3-46bc-9f4b-285f4159fb45",
        "value": "1.235.222.140",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028984",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c55bc323-2455-4097-aa16-f4c8d0bc05f6",
        "value": "whatsapp-meeting.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029006",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a0b91c05-321d-4cfb-b25d-61efe7798da0",
        "value": "whatsapp-meet.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029027",
        "to_ids": true,
        "type": "hostname",
        "uuid": "08244abe-5e7f-4699-92b8-535e3e1c3bc2",
        "value": "meet-join.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029048",
        "to_ids": true,
        "type": "hostname",
        "uuid": "72bd3a37-2246-4e28-b079-39c7d6b5094c",
        "value": "whatsapp-join-meet.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029070",
        "to_ids": true,
        "type": "domain",
        "uuid": "3b7a3544-2812-43fb-8871-bf99ff45f86f",
        "value": "meet-safe.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029091",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7f362ade-f63b-4300-8e8c-596d9a6270fd",
        "value": "meet-login.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029112",
        "to_ids": true,
        "type": "domain",
        "uuid": "7e441c5a-a822-4dc3-beea-daaecfda83c6",
        "value": "act-rights-gaming.digital",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029134",
        "to_ids": true,
        "type": "hostname",
        "uuid": "33d968dc-5bf9-4dd6-b339-dd8845d68b43",
        "value": "book.good-while.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029155",
        "to_ids": true,
        "type": "domain",
        "uuid": "b03beefc-6560-49dd-86be-f8c8344ed89a",
        "value": "net-vision.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029176",
        "to_ids": true,
        "type": "domain",
        "uuid": "f3ef0a05-0d61-45e9-abb0-831c51344c2b",
        "value": "join-host-room.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029197",
        "to_ids": true,
        "type": "domain",
        "uuid": "082e99ac-b8af-46be-8ceb-eaf9ec02690f",
        "value": "joining-inside-space.world",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029219",
        "to_ids": true,
        "type": "domain",
        "uuid": "87e3a49c-e6c3-4463-b286-b19f75c3f473",
        "value": "forward-goal-inner.digital",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029240",
        "to_ids": true,
        "type": "hostname",
        "uuid": "58e7ad24-f737-4b2a-a7e4-031b7dcfac04",
        "value": "www.whatsapp-meet.duckdns.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029261",
        "to_ids": true,
        "type": "domain",
        "uuid": "e902d17a-bf98-4d20-89e9-a277e86e99fc",
        "value": "accord-room-check.live",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029283",
        "to_ids": true,
        "type": "domain",
        "uuid": "6bc6a064-cda9-4946-881b-eab0f0bb49ee",
        "value": "joining-room-host.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029305",
        "to_ids": true,
        "type": "domain",
        "uuid": "a85c5f65-9fbf-45eb-aa20-1cca45a3f90e",
        "value": "net-works.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029326",
        "to_ids": true,
        "type": "domain",
        "uuid": "a792a898-27b2-4fbb-a23f-a28043cebe46",
        "value": "re-shrt98.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029348",
        "to_ids": true,
        "type": "domain",
        "uuid": "77e8e039-e52a-4d37-874e-b4901c2de362",
        "value": "first-step.space",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029369",
        "to_ids": true,
        "type": "domain",
        "uuid": "703bcd47-67a0-405b-aa0d-d1cb61a84c13",
        "value": "tiny-name.cyou",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to APT42",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029391",
        "to_ids": true,
        "type": "domain",
        "uuid": "7ff0eec2-45c3-43be-a735-c5ee9f9c70b4",
        "value": "bonjour-ills.christmas",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028121",
        "to_ids": true,
        "type": "md5",
        "uuid": "0aacd719-7db1-4a0b-b498-c9482197814d",
        "value": "59f636854f5a511945eb4870cce6a85b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028122",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6d8632a6-bf26-40bc-9f9b-64c3e5cc97b6",
        "value": "786379bb3c0e3ea6ec7d7af88d109994c20bb849",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028124",
        "to_ids": true,
        "type": "md5",
        "uuid": "7c3c1595-d490-4822-bdce-47c638d49554",
        "value": "923cefd8623c495b31415e0775c099c2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028125",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9d63c597-c238-42e9-a01b-d3ff31332e41",
        "value": "e12acf1b58b633d090b7e9828b0790502c9b9cd2df51a6863319912d2152dbc9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028126",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b9a0be09-6918-499b-8681-e8f117459ce6",
        "value": "c0786c60e92be76cb9f9b3da5f53d5e8b999b2c86a73e94d793070f2b96f852e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028128",
        "to_ids": true,
        "type": "sha256",
        "uuid": "70e91344-a681-424d-b282-2bcfbfa5ab33",
        "value": "30c4ff83d5dc3d4c5be77283defce614f6310339705b039cae022bdde72dec38",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028129",
        "to_ids": true,
        "type": "sha1",
        "uuid": "56acb629-1af8-4642-9196-6fb240e7d707",
        "value": "86969bc9f13c6359c54151432f3819301074164c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028130",
        "to_ids": true,
        "type": "md5",
        "uuid": "b8abef2b-b908-4fdf-98c3-e48898c4d8e0",
        "value": "9dcf203b7d87698d678cf9df42ab4ac0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028131",
        "to_ids": true,
        "type": "md5",
        "uuid": "ec4f46bf-2a89-4973-aaed-1d777873e776",
        "value": "56401106c49609c526e218a4a4103fee",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028133",
        "to_ids": true,
        "type": "sha1",
        "uuid": "d7ccb41c-08f0-48c2-b4c4-be69c5ae0ad1",
        "value": "def5cb2d480d058902b7cc2f6c0915afd972ad0b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028133",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d92592b3-b283-44cd-ac41-7867379e87e2",
        "value": "9885c4343942163087fbbea7939bec38702086e0f737c97deb288e8d3e6f140a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028134",
        "to_ids": true,
        "type": "md5",
        "uuid": "afed918d-c84c-4f53-a111-e2bda4b898af",
        "value": "9e7f2b5e0c5b164f2c62b412a9a91cbc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028135",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2d5d4b8c-1311-4c03-be5e-c3d64246f8dd",
        "value": "a841c8179ac48bdc2ebf1e646d4f552d9cd02fc79207fdc2fc783889049f32bc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE. No sample in VT.\r\nLast check: 21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028137",
        "to_ids": true,
        "type": "sha256",
        "uuid": "81bc28d9-e84a-44f7-8812-f4590048e65f",
        "value": "ea10bc8c77446c9a7eb4720df656a465e3cf4edb40a2c5cacd7f6b665960ccda",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028138",
        "to_ids": true,
        "type": "sha1",
        "uuid": "daa8e40c-08c8-4521-be3f-c1a5bd86704e",
        "value": "5d3ddb0e95725974b6034f19cfaef2d6ebd69c87",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028139",
        "to_ids": true,
        "type": "md5",
        "uuid": "c3b40d67-2224-4e65-a9da-7411a0a7ed8a",
        "value": "03f2b01a9bc670ce6f2a2a50d5c08b22",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028140",
        "to_ids": true,
        "type": "sha1",
        "uuid": "d374fa07-def7-42a5-a2c4-2eaeb8dc15a2",
        "value": "ddc5bdace73c1754d87d9ea1c545a0cb9112789b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028142",
        "to_ids": true,
        "type": "sha256",
        "uuid": "23024fa6-872a-4c05-9eea-2619507bd680",
        "value": "9208034af160357c99b45564ff54570b1510baf3bc033999ae4281482617ff5b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028143",
        "to_ids": true,
        "type": "sha1",
        "uuid": "8f7050bb-fff4-4b41-a595-f9b1696fc208",
        "value": "e6a1157020746cf487799ad344a5b1a603052f0e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028144",
        "to_ids": true,
        "type": "md5",
        "uuid": "c8014357-ada9-4117-93f9-becdc170b39f",
        "value": "669437838a13bf783d6ff1574274e5b0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028146",
        "to_ids": true,
        "type": "sha1",
        "uuid": "96a2b896-7b13-4431-8c09-0cadbef3d1c5",
        "value": "b6e4db5df0f92783341267dedea4fdc5530e4a4f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028147",
        "to_ids": true,
        "type": "sha1",
        "uuid": "275abfea-d02d-4a24-a22c-d355ccc3b421",
        "value": "bbe681caebf5711ffc366d09097c7c587e212ebb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028147",
        "to_ids": true,
        "type": "sha1",
        "uuid": "69377c4c-418a-4c17-bcf5-8d59c2ab3871",
        "value": "f7ec27cd5b05a66b263f620402c39c2b7d2f23ef",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028149",
        "to_ids": true,
        "type": "md5",
        "uuid": "54cfaf57-6180-43d0-beb8-f38df4295b96",
        "value": "07ab4dd676f477e9f93be1a325073d93",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028150",
        "to_ids": true,
        "type": "sha256",
        "uuid": "70e4f76e-33cc-4291-9c65-70e459513108",
        "value": "27ae97933a4dd955a7e928be0efa361907c088076837446ada5642bd32500627",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028152",
        "to_ids": true,
        "type": "sha256",
        "uuid": "49c1f994-25be-4f48-b3e3-3beda329234c",
        "value": "1c4147fb6edf4075102432716c6a62711b5c57599c6a22a20eda61321023a429",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028153",
        "to_ids": true,
        "type": "sha1",
        "uuid": "efa50801-8444-40ef-8427-f66e8722b980",
        "value": "28e04219b84d36243cfa03320ab0b9677bc9fd1d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028154",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e045a55e-73b1-4b26-8f94-8e9fb8b4a955",
        "value": "5d573209939c737a829dac72383062d9965a8fa3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028155",
        "to_ids": true,
        "type": "md5",
        "uuid": "1f77e8f4-bd8e-4165-a275-7815d915f23e",
        "value": "04f9274c62c612342e74f868fc3069f5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028156",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78ab2d99-7e66-45d2-a2ce-a4e4665e931e",
        "value": "903638cceca0718c586739cb822ca396f84693bc3e9b3d07daff5c09f0a5b2a6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028158",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cabf7233-b0b3-4208-9256-ce825aefe408",
        "value": "a87b96ae9a31ec92e29a48a522ef9554d02ce74db7cb6cd4b133fff07c5b258e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028160",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2feb6ee3-31e9-4573-ac6b-65efce2933a2",
        "value": "64892920b813f61eab4797bd60e3fc79a810354e2318061b252dfc027bf72329",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028161",
        "to_ids": true,
        "type": "sha1",
        "uuid": "653dca65-9ed7-4308-b645-e6c75b5ea02d",
        "value": "efb7b3c47ae74663f153a4b091abfa841c15ea7c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028163",
        "to_ids": true,
        "type": "sha1",
        "uuid": "894b8507-3924-4a25-bb2e-2164ac5cd7c5",
        "value": "876fd4e9676ef914bbaf3bbaf7d97e368290e09c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028164",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c4c4f905-9274-4744-89a6-fb8f280c21c2",
        "value": "10f64f4a976195e25587713c4f754b46b61849cc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028165",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e69429a5-b446-4cbe-93f7-fa479b8704a1",
        "value": "cf7399acf378c147e706f90e924015ef47cdb364",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028167",
        "to_ids": true,
        "type": "md5",
        "uuid": "cf720b92-9170-468c-85c6-53d03e8bca1b",
        "value": "42c497d2b9b43061482d2544c6d09d14",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "IoCs related to PARISITE No sample in VT\r\nLast check:21/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774028168",
        "to_ids": true,
        "type": "md5",
        "uuid": "2ce4e100-7593-4801-a80e-7e00a2ce1027",
        "value": "167f4e92fb3d937bd6a7ded14bf076e6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to PARISITE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029412",
        "to_ids": true,
        "type": "domain",
        "uuid": "ffd546fc-7c4f-41cb-98a7-451266a1bd9e",
        "value": "encoremir.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to PARISITE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029434",
        "to_ids": true,
        "type": "hostname",
        "uuid": "86a08915-e26e-43b7-b5bd-b8d75761732e",
        "value": "apps.gist.githubapp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to PARISITE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029455",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0341901e-653a-4051-b91e-878a538ccc5c",
        "value": "66.55.159.84",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to PARISITE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029476",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "49d72ab1-c9f3-4eea-ae6d-007206ee94f6",
        "value": "64.176.165.175",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IoCs related to PARISITE",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774029498",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c7ee0187-75aa-4131-be37-b890f6adbd1f",
        "value": "5.255.100.203",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999568",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "c5f80775-81ad-40f6-aad7-703784f8bfe9",
        "value": "MuddyWater",
        "Tag": [
          {
            "colour": "#47d9d3",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#e00500",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#98f3da",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#9edfba",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#b9ca9e",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999784",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "78a4c87f-f483-4a15-9f2e-8db14a0eda70",
        "value": "APT35",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
            "relationship_type": ""
          },
          {
            "colour": "#71ecdb",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"",
            "relationship_type": ""
          },
          {
            "colour": "#866c0c",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"",
            "relationship_type": ""
          },
          {
            "colour": "#ff841f",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
            "relationship_type": ""
          },
          {
            "colour": "#b206a3",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"",
            "relationship_type": ""
          },
          {
            "colour": "#f055aa",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"",
            "relationship_type": ""
          },
          {
            "colour": "#82eae0",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#5c59c9",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Email Accounts - T1586.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
            "relationship_type": ""
          },
          {
            "colour": "#1b95cd",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
            "relationship_type": ""
          },
          {
            "colour": "#a0d02a",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Phishing for Information - T1598\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
            "relationship_type": ""
          },
          {
            "colour": "#b9ca9e",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"",
            "relationship_type": ""
          },
          {
            "colour": "#efb098",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#c202a1",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1598.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#3780c6",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Web Portal Capture - T1056.003\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999913",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "ebea53db-6ebc-4c71-a2c9-6630b785129f",
        "value": "APT42",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
            "relationship_type": ""
          },
          {
            "colour": "#cf2da1",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Org Information - T1591\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
            "relationship_type": ""
          },
          {
            "colour": "#47d9d3",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#9edfba",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1587.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#b9ca9e",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1583.004\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#56c932",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
            "relationship_type": ""
          },
          {
            "colour": "#98f3da",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773999997",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "227c3356-56a7-47ed-8f83-03abb17e2ae1",
        "value": "APT34",
        "Tag": [
          {
            "colour": "#f9132d",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Email Accounts - T1585.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#47d9d3",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
            "relationship_type": ""
          },
          {
            "colour": "#efb098",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#2c1d2e",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#5c57c8",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004770",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "0d303268-1519-438a-9b3f-5f17aea093a2",
        "value": "Parisite",
        "Tag": [
          {
            "colour": "#0aebeb",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"LSASS Memory - T1003.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#4bc785",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Process Hollowing - T1055.012\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1774004867",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "cecfa467-a916-423b-a9c8-4004733d3a7f",
        "value": "CyberAv3ngers",
        "Tag": [
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
            "relationship_type": ""
          },
          {
            "colour": "#ff841f",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
            "relationship_type": ""
          },
          {
            "colour": "#b24806",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Local Accounts - T1078.003\"",
            "relationship_type": ""
          },
          {
            "colour": "#47d9d3",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
            "relationship_type": ""
          },
          {
            "colour": "#251b6b",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"",
            "relationship_type": ""
          },
          {
            "colour": "#1b95cd",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"",
            "relationship_type": ""
          },
          {
            "colour": "#e8825f",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"",
            "relationship_type": ""
          },
          {
            "colour": "#2c1d2e",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
            "relationship_type": ""
          },
          {
            "colour": "#edf46c",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"",
            "relationship_type": ""
          },
          {
            "colour": "#3780c6",
            "local": false,
            "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029519",
        "uuid": "54e1ef10-bc45-49da-b0b8-3a71592300ec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029519",
            "to_ids": true,
            "type": "md5",
            "uuid": "6415a53d-34a7-4489-8d74-3bd1fe5e2875",
            "value": "f6a4c531e92cbdd5ffac75c76939d7f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027905",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7fe01ec0-a60d-4937-b845-f34df85953b9",
            "value": "c9e280d8ee3b8a0ab28e59671de2f889ba5f0bed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027905",
            "to_ids": true,
            "type": "sha256",
            "uuid": "34829dea-e5e0-4068-86c2-a410c9cf725e",
            "value": "4e80bd62d02f312b06a0c96e1b5d1c6fd5a8af4e051f3f7f90e2976580842515",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023295",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "161f4910-7b3e-40e9-90c4-c5ae2b4ebbf0",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE9T:w9mzytc/CKDllTllCeue6STzdT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023295",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c7eb2238-4ac3-4fee-9fd9-5dd39af9f381",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023295",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75b3139c-6107-4c2b-847e-a063b8ff901f",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023295",
            "to_ids": true,
            "type": "filename",
            "uuid": "96056830-41e6-491d-8658-9f45c33ac13f",
            "value": "4b4e80.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023295",
            "to_ids": false,
            "type": "text",
            "uuid": "94ac09aa-2729-499f-a3e1-ca3dc1cd195e",
            "value": "IoCs related to MuddyWater\r\nType Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:29/63\nFirst Submission:2022-11-14T07:26:38.000000+00:00\nLast Submission:2022-11-14T07:26:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029540",
        "uuid": "d59ac639-1d80-46a7-bdf2-02cfe0ed07b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029540",
            "to_ids": true,
            "type": "md5",
            "uuid": "e0efc195-97f7-4413-af6b-c3e570b6178d",
            "value": "c89671f994af65677aa48b699a01fe9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027906",
            "to_ids": true,
            "type": "sha1",
            "uuid": "01bef09e-08b6-4ded-93c5-78272a897325",
            "value": "ba914f8cb3dd889b4222512dde990ac1e6a3518f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027907",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9eb074de-f762-4315-883d-87eafaf3d9ff",
            "value": "76ab046de18e20fd5cddbb90678389001361a430a0dc6297363ff10efbcb0fa8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023318",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae5de295-7d7f-41ed-a8c1-cdb1c3d669bb",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KENT:w9mzytc/CKDllTllCeue6STztT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023318",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9c0501cf-6eb4-46cd-897e-f02c11fa75ca",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023318",
            "to_ids": true,
            "type": "vhash",
            "uuid": "71860297-e38f-4526-87e2-d4f7e912bac6",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023318",
            "to_ids": true,
            "type": "filename",
            "uuid": "275d8747-3e8d-4de7-a4ce-ce46fb4dbcf5",
            "value": "5cccd6.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023318",
            "to_ids": false,
            "type": "text",
            "uuid": "2b7ed502-eab7-4f6c-be9e-ce89f0e34853",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:27/63\nFirst Submission:2022-09-20T13:05:40.000000+00:00\nLast Submission:2022-12-28T10:20:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029563",
        "uuid": "53fdca26-7aa4-4b93-87e6-55a3dc6f8eca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029563",
            "to_ids": true,
            "type": "md5",
            "uuid": "d48d8882-975f-43c8-912b-76fa6258f5f2",
            "value": "2ed6ebaa28a9bfccc59c6e89a8990631",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027908",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6e0f816-4a87-4ee2-aaaa-730e6d3ed00f",
            "value": "da2c86bf111cb63d657728b90ec5b80de13d946c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027908",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2cfd6d96-157f-43e7-a672-94b0422a2f0e",
            "value": "aa282daa9da3d6fc2dc6d54d453f4c23b746ada5b295472e7883ee6e6353b671",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023341",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b1f02739-8918-44e4-a799-9a51e23d1628",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEwT:w9mzytc/CKDllTllCeue6STzQT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023341",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dcbc8533-ad58-4c24-bf88-5f3ee4cbe113",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023341",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2562439e-b4ea-46a5-9dcc-73c735e36395",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023341",
            "to_ids": true,
            "type": "filename",
            "uuid": "66e2efe9-cb5c-4cfa-9250-ba29a6701f58",
            "value": "malam.com.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023341",
            "to_ids": false,
            "type": "text",
            "uuid": "4e416b2e-e4e4-4738-a777-30b8e9c97db0",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:27/62\nFirst Submission:2022-11-14T09:32:32.000000+00:00\nLast Submission:2024-08-28T06:03:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029585",
        "uuid": "7f48f2aa-1ff8-4327-91ba-c2da95a9ea14",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029585",
            "to_ids": true,
            "type": "md5",
            "uuid": "5be9ed47-3c6a-469c-9ee3-c4a54fe63fe5",
            "value": "cd555279b6438260ec71b32e4d02cd9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027909",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e92da3ba-6034-4d1f-ada1-5497d162e518",
            "value": "b9b4d3f3095cd87c634ece27f14bd59a6d425375",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027910",
            "to_ids": true,
            "type": "sha256",
            "uuid": "84915976-a4a4-45cc-90c0-895cea72af9c",
            "value": "3d1e43682c4d306e41127ca91993c7befd6db626ddbe3c1ee4b2cf44c0d2fb43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023364",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2d99991d-72a5-43e7-b542-a48551f1b643",
            "value": "24576:viJcz366cGXUEUQMTK8toGE30orysPXd6:viJSK6cGpUQHFEY8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023364",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a4bb04e-29da-4a25-ad04-76a111e4ce23",
            "value": "1318908"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023364",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6e9dc635-9278-4e3f-82ee-010b630b6dda",
            "value": "016066655d1555155053zb2z721z1059zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023364",
            "to_ids": true,
            "type": "filename",
            "uuid": "cd080756-264f-48bc-9add-8add474b42f3",
            "value": "cloud.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023364",
            "to_ids": false,
            "type": "text",
            "uuid": "f86cee33-8e37-469a-9b62-b72a93d48f9f",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:52/72\nFirst Submission:2025-12-07T05:57:14.000000+00:00\nLast Submission:2025-12-07T13:27:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029606",
        "uuid": "f146342f-2de8-4d2d-9d2d-1ed7472f2e12",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029606",
            "to_ids": true,
            "type": "md5",
            "uuid": "1e713c1e-a1af-4b64-bfee-0ba952dc9556",
            "value": "ef6ec560efd05d21976a6fd3f489e206",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027911",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eb7e4cea-f138-4761-82dc-3f27c89cea5a",
            "value": "cc7afffdb88729a5e977fa8f75a898d09624f54a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027911",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c4d861c6-909e-44ac-a2ae-fe65fb2825d4",
            "value": "2ae6c5c2b71361f71ded4ad90bbf6ef0b0f4778caf54078c928e2017302fbe69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023386",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4ae619b-f64c-4aec-b4af-8fc2437a69e0",
            "value": "49152:u51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:uPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023386",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec6dbf20-4d51-430e-83d2-0fd0552019bc",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023386",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1ae23cc5-ecf0-4cda-9630-ddefdf0a97a6",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023386",
            "to_ids": true,
            "type": "filename",
            "uuid": "80d6d25d-2a8f-4f94-b8bb-562ef5c1113f",
            "value": "4d33da.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023386",
            "to_ids": false,
            "type": "text",
            "uuid": "1a3e5fce-fd7f-4752-bd4b-a283b77754dd",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:22/64\nFirst Submission:2024-03-08T09:39:04.000000+00:00\nLast Submission:2024-03-08T09:39:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029632",
        "uuid": "f84b805f-d4c9-449f-98eb-2617632811a9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029632",
            "to_ids": true,
            "type": "md5",
            "uuid": "16dcd070-252f-41fe-ad19-93747d32d108",
            "value": "4c169dde3bc184c42ca7a712a61c6f3c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027912",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ada64ba9-c7d7-488c-b2da-0dddecee5e0a",
            "value": "5b2c6e056d7430de881396e6bd96b59e4415428a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027913",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3323e41-5765-4781-b22e-4e842f1ae6ca",
            "value": "433b47f40f47bea0889423ab96deb1776f47e9faa946e7c5089494ed00c6cc29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023409",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb9ed8e2-4036-4393-b56b-81ef0a1eeef8",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEzT:w9mzytc/CKDllTllCeue6STzTT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023409",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "23019e91-df19-44ca-8de8-84c749e4bb15",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023409",
            "to_ids": true,
            "type": "vhash",
            "uuid": "27172ff8-e874-4a1d-b719-ab2f1767a749",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023409",
            "to_ids": true,
            "type": "filename",
            "uuid": "f78c4a96-84f2-4db3-91d7-52e71cb6d4a7",
            "value": "668491.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023409",
            "to_ids": false,
            "type": "text",
            "uuid": "4466dca8-260e-45a5-8166-5b33270d9ae5",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2022-10-31T09:58:43.000000+00:00\nLast Submission:2022-10-31T09:58:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029654",
        "uuid": "04bf4ea0-e991-4f4a-83b6-1c1d1c68158e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029654",
            "to_ids": true,
            "type": "md5",
            "uuid": "0ef3d85e-1d24-413e-b1bc-9a6cf595ab28",
            "value": "d2b0785b69f8578bdddf039634507f47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027914",
            "to_ids": true,
            "type": "sha1",
            "uuid": "73788a77-dac0-418e-81bd-93980b8da598",
            "value": "014c2534b99c73eb30b659c08e8b2d063f21ffc0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027914",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0b1744cd-a711-4bfb-b60c-6f9a27fd75a7",
            "value": "76aad2a7fa265778520398411324522c57bfd7d2ff30a5cfe6460960491bc552",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023431",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "64e418c9-b6a0-4bd2-95be-36835ccd7872",
            "value": "24576:mY97DkXCl6mchTj6QZ0sedNOX7Prm4M3fbVaVHqkP3O55+D1K:Z76CQm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023431",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef601cc4-bcd4-4f60-9f1b-d95846fb837c",
            "value": "2977792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023431",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fc5141a1-4e00-4cc8-86c3-321beb676668",
            "value": "fe43cc098163d8fb4f1b2b088de0949b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023432",
            "to_ids": true,
            "type": "filename",
            "uuid": "111b0be3-858f-4edb-ac8f-891295312efc",
            "value": "76aad2a7fa265778520398411324522c57bfd7d2ff30a5cfe6460960491bc552.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023432",
            "to_ids": false,
            "type": "text",
            "uuid": "1ccca526-2bff-42a2-930d-34645d5ee117",
            "value": "IoCs related to MuddyWater\r\nType Description: Outlook\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:33/62\nFirst Submission:2026-01-06T13:13:53.000000+00:00\nLast Submission:2026-02-20T18:05:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029676",
        "uuid": "671869f9-ccc7-4609-a5ee-b38f5948400a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029676",
            "to_ids": true,
            "type": "md5",
            "uuid": "8647866e-7522-4e81-b190-22e90b9f4ecf",
            "value": "7da3d206519086f2725494b3ab095fbb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027916",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24ce2153-583a-4dda-b64b-330c95249630",
            "value": "7d53dbb3f703608a68dc25a5212fc93627b3d3f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027916",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d1312e06-3e08-423b-bb86-265a7ecebb40",
            "value": "a35a1c92c001b59605efd318655d912f2bcd4e745da2b4a1e385d289e12ee905",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023454",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b8f06952-817e-411d-a6df-b65fd43a84b3",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEYT:w9mzytc/CKDllTllCeue6STz4T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023454",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d97805a5-db6f-453c-b86a-d615b5a1c9f9",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023454",
            "to_ids": true,
            "type": "vhash",
            "uuid": "743e103c-3f9f-4777-9978-98f0dc7f69b6",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023454",
            "to_ids": true,
            "type": "filename",
            "uuid": "066dedaf-f4cf-410b-839c-d3aacf5c2b41",
            "value": "a35a1c92c001b59605efd318655d912f2bcd4e745da2b4a1e385d289e12ee905.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023454",
            "to_ids": false,
            "type": "text",
            "uuid": "1b980901-3914-42da-800d-bbf69d94ac28",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:27/63\nFirst Submission:2022-10-17T06:45:58.000000+00:00\nLast Submission:2023-10-26T09:41:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029697",
        "uuid": "0f52dd9b-6204-445e-b603-356d95855587",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029697",
            "to_ids": true,
            "type": "md5",
            "uuid": "c59f062f-8011-4dae-a53d-ce4c99cd6a37",
            "value": "68352f61da6e3236c4fe760997a981ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027918",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f8002a99-e842-422e-8c44-510c21403cc7",
            "value": "e2d16fdf836d5697cba2223ae288e756df319406",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027918",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f906071-2060-4510-b9cc-5b79053eea52",
            "value": "2a5f74e8268ad2d38c18f57a19d723b72b2dadd11b3ab993507dd2863d18008d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023477",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "abe1a744-fb2e-4a04-b1d0-a541e727b14b",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEfT:w9mzytc/CKDllTllCeue6STz/T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023477",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c47d9e10-1115-4933-9e6c-c6a8fe0c703c",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023477",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae2788ad-1aad-4282-a562-6c319773d91f",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023477",
            "to_ids": true,
            "type": "filename",
            "uuid": "be324694-f4c7-44c9-8c30-de8e7a46976c",
            "value": "Ertiqa.msi\u2014\u20141"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023477",
            "to_ids": false,
            "type": "text",
            "uuid": "b9a12769-c110-46ee-a057-6bfd42c84546",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:29/63\nFirst Submission:2022-11-24T10:22:50.000000+00:00\nLast Submission:2026-02-11T06:13:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029719",
        "uuid": "977a6006-b250-4785-b4d5-95deb2849d31",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029719",
            "to_ids": true,
            "type": "md5",
            "uuid": "da6fe49f-60f1-43d8-b11a-f784bde02aa1",
            "value": "3a95186019af1943a0ea0f8eb07a288f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027919",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1724e23c-b744-472c-8866-a11d904f610f",
            "value": "b7e56f4b31f4fdbe844c3d4a4156f1d0e3b3ea97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027920",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ea50deb7-5f8b-4af2-bd81-f6b3b3dc697d",
            "value": "f38a56b8dc0e8a581999621eef65ef497f0ac0d35e953bd94335926f00e9464f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023499",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "efcf07b0-7793-4573-ac8f-244e1a1990d9",
            "value": "24576:J97DkXCl6mchTj6QZ0sedNOX7Prm4M3fbVaVHqkP3O55+D1K:b76CQm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023499",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0c16fb48-8705-467d-9901-2279878e3d6c",
            "value": "2923520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023499",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7db704a3-ba88-4115-9736-21b5125bfbe2",
            "value": "6e1d7e785d8c02f6c5360417e338b7e0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023499",
            "to_ids": true,
            "type": "filename",
            "uuid": "dc903a89-83ef-482e-974e-71eaed57e0e5",
            "value": "Cybersecurity.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023499",
            "to_ids": false,
            "type": "text",
            "uuid": "ff51b7cd-d260-42b8-80e8-3b6a350c96c0",
            "value": "IoCs related to MuddyWater\r\nType Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/MuddyWater.GVA!MTB\nVT Total Detection:39/63\nFirst Submission:2026-01-06T07:58:40.000000+00:00\nLast Submission:2026-03-15T10:25:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029740",
        "uuid": "0c185eb3-ed60-44a4-b50e-c1bd7afe5b87",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029740",
            "to_ids": true,
            "type": "md5",
            "uuid": "04d4ed9a-2a77-437a-b345-52d75bb51346",
            "value": "404f5b1ff4ed035c6178d1789192c4d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027922",
            "to_ids": true,
            "type": "sha1",
            "uuid": "becba42c-0946-46a2-b333-bd743db6df30",
            "value": "6bad2c491e9101796ae0530701b23f05193c7ca7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027922",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ed56659-0e6b-403c-a882-6c2ec8bba8d6",
            "value": "42ad0c70e997a268286654b792c7833fd7c6a2a6a80d9f30d3f462518036d04c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023522",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7d5834d3-f313-4550-a43f-57f23c3f3640",
            "value": "24576:bNfoT3/QPvpFAEkgRk+5gQTAj8FUNuheLrDSr+AtU5KJLh:bNfor/QP3EAB5H8jduALrDSr+AtU5KJt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023522",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8aa75512-364a-4e4f-896b-886cd428fa26",
            "value": "1319084"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023522",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8314d3cd-5a57-4c87-80b9-623e041efd84",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023522",
            "to_ids": true,
            "type": "filename",
            "uuid": "ed4f4cd9-6411-45bf-bd9e-b78e62a5daad",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023522",
            "to_ids": false,
            "type": "text",
            "uuid": "da64e235-6ca0-4ef9-9a87-52056de74006",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:52/72\nFirst Submission:2025-11-25T15:34:46.000000+00:00\nLast Submission:2025-11-27T02:24:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029761",
        "uuid": "82005eb0-9e9f-4980-a1a8-10fbb95ca2ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029761",
            "to_ids": true,
            "type": "md5",
            "uuid": "785c9973-6e9a-4cdc-96f4-856ede3cb5d9",
            "value": "74e75830252220cbbe7e3adec4340d2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027924",
            "to_ids": true,
            "type": "sha1",
            "uuid": "72e84bea-5713-4f52-bffa-8b35155ddbe8",
            "value": "b4f5555d5b934b927de4950131952e17e7194665",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027924",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9589e030-a023-4e9b-896c-8a36eac3665c",
            "value": "a2001892410e9f34ff0d02c8bc9e7c53b0bd10da58461e1e9eab26bdbf410c79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023545",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "610ae3f5-9c93-41cc-a57d-3809bc7644b4",
            "value": "24576:FNfoT3/QPvpFAEkgRk+5gQTAj2FUNu3eLrDSr+AtU5KJL:FNfor/QP3EAB5H8jXuOLrDSr+AtU5KJL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023545",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8f883d6a-1bad-4b16-a91a-cd72f0d915a9",
            "value": "1308672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023545",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7637e5a6-8f68-47d6-8964-4ba4dc0cb9e1",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023545",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a018055-36b2-4ccf-8177-d36eb87baa7c",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023545",
            "to_ids": false,
            "type": "text",
            "uuid": "12c16a3d-62d4-4c16-afaa-282f302309e5",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:54/72\nFirst Submission:2025-11-17T10:24:09.000000+00:00\nLast Submission:2026-01-10T20:11:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029783",
        "uuid": "d4d8b560-f16a-43b5-80d4-d6427460f5f0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029783",
            "to_ids": true,
            "type": "md5",
            "uuid": "4d169d83-05c7-4783-af1f-72fcf942a7b5",
            "value": "c5c0829df294cc4fd701df5d5c55718f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027925",
            "to_ids": true,
            "type": "sha1",
            "uuid": "44290e4d-063e-4dbd-b5ee-a4759d64d19c",
            "value": "fd581050fe011ff6e71463c9dcc68de14571ef04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027926",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46a75713-08b8-4181-b504-735299277941",
            "value": "e217c48c435a04855cf0c439259a95392122064002d4881cf093cc59f813aba8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023567",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3eaa86b4-1b24-449f-931b-142e8132d9db",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEqT:w9mzytc/CKDllTllCeue6STzKT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023567",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e90784ec-cd45-47ec-a84b-b5174839a7df",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023567",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5f47bad2-3988-45cf-ab96-1f3da48f58d8",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023567",
            "to_ids": true,
            "type": "filename",
            "uuid": "773ff9ca-70cb-4cc0-b3c3-8d8ea09e8ed7",
            "value": "MOJJORDAN.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023567",
            "to_ids": false,
            "type": "text",
            "uuid": "07024bed-d2c8-4af9-90ee-663f31d1169c",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:30/63\nFirst Submission:2022-10-24T16:43:54.000000+00:00\nLast Submission:2022-12-28T10:22:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029804",
        "uuid": "0f2c2acf-3b4f-42d9-a97f-3f389d1dca65",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029804",
            "to_ids": true,
            "type": "md5",
            "uuid": "7714bd7b-e59d-4d3d-a8a1-96bf7bbda6fe",
            "value": "cdeb7abfc7775c63745135431272dda3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027927",
            "to_ids": true,
            "type": "sha1",
            "uuid": "55a0d763-d398-43ee-b9eb-e1df12012bf2",
            "value": "77430cca36ee983dc17ca47efe9faa608effcef8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027927",
            "to_ids": true,
            "type": "sha256",
            "uuid": "72c24d6e-18f9-4f68-94a3-8fdae85f124f",
            "value": "165a80f6856487b3b4f41225ac60eed99c3d603f5a35febab8235757a273d1fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023591",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c94f816a-2eb6-4088-8468-eb08b0580a96",
            "value": "49152:851VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:8PCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023591",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "445df3ce-4db3-4f8c-b424-2a2b3bf84297",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023591",
            "to_ids": true,
            "type": "vhash",
            "uuid": "504839d3-36c4-496b-844b-673d78e30a61",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023591",
            "to_ids": true,
            "type": "filename",
            "uuid": "5465e90b-da96-48e4-b022-78b5b226eb38",
            "value": "50de35.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023591",
            "to_ids": false,
            "type": "text",
            "uuid": "036c0b96-2507-44df-8d6c-72cd9936dc1b",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:20/64\nFirst Submission:2024-02-26T14:06:06.000000+00:00\nLast Submission:2024-02-26T14:06:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029825",
        "uuid": "b5a84e9f-bf45-47ae-915e-b2d80b2373ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029825",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f874bd7-b012-4e76-907b-c6d438224fe3",
            "value": "f97650ede0c39a29b0b5c5472f685d11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027929",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a76f04fa-93f3-4fb3-a6e6-cc74dae0fe99",
            "value": "8ef8d08d98a7680d1cc7f3a367813e5568b2033d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027929",
            "to_ids": true,
            "type": "sha256",
            "uuid": "853212c3-630e-4b76-9121-9899e6ec8050",
            "value": "6f079c1e2655ed391fb8f0b6bfafa126acf905732b5554f38a9d32d0b9ca407d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023613",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5697621b-f708-428b-bf8c-d25e328b23eb",
            "value": "24576:3iqchRQCffg3YhbHfdARpuPTB7Y8UwX2hQ1fZjDOriD:3iq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023613",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cca19864-fd95-49b9-a1a2-b643962cb41b",
            "value": "3836416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023613",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0b7395b1-0360-43a9-935c-2da054bd0ffc",
            "value": "840d9270cdc54989f417226f43eacc87"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023613",
            "to_ids": true,
            "type": "filename",
            "uuid": "7a181bd1-46f1-49f3-8e20-34b1cfb80322",
            "value": "__substg1.0_37010102"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023613",
            "to_ids": false,
            "type": "text",
            "uuid": "0aa409fd-216e-45a0-8f2b-23e4ef88252f",
            "value": "IoCs related to MuddyWater\r\nType Description: MS Word Document\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:37/63\nFirst Submission:2025-11-17T10:52:57.000000+00:00\nLast Submission:2025-11-17T10:52:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029847",
        "uuid": "dd385175-c133-4cd1-abeb-85241fa61939",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029847",
            "to_ids": true,
            "type": "md5",
            "uuid": "a60fafa8-2b6a-4d6c-9570-f9b7f93a6a07",
            "value": "0a95918fd6000a69b8a70609f93e910f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027930",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a0e81d9c-d5ac-4fe8-95ad-d5d58cd4135a",
            "value": "04e1f66cb9d4deb6e145bceb43c7110df9d8f027",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027931",
            "to_ids": true,
            "type": "sha256",
            "uuid": "59b3a432-d784-4042-a5db-21e4f4d771ce",
            "value": "e87fe81352ebda0cfc0ae785ebfc51a8965917235ee5d6dc6ca6b730eda494cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023636",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ef00e41-c4c7-4be9-9e32-39e989ef5973",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE1T:w9mzytc/CKDllTllCeue6STzVT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023636",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37135bc2-3a51-4fc2-9e0f-00f4687f1dbb",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023636",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c90c2f51-dca0-4e42-b5f0-ee959329950d",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023636",
            "to_ids": true,
            "type": "filename",
            "uuid": "49ce658d-393c-4a8e-bb2f-1d5a60967381",
            "value": "profit-workshop.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023636",
            "to_ids": false,
            "type": "text",
            "uuid": "65c9c609-20fc-4dd2-8a79-62eaba2a0c1b",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:31/63\nFirst Submission:2022-11-15T11:22:49.000000+00:00\nLast Submission:2022-11-15T11:22:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029868",
        "uuid": "4eb3d5c6-5746-438d-9fac-0842a06302be",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029868",
            "to_ids": true,
            "type": "md5",
            "uuid": "becba191-d91c-43d7-ba5e-68633d3808e8",
            "value": "b9a67ffb81420e68f9e5607cc200604a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027932",
            "to_ids": true,
            "type": "sha1",
            "uuid": "51a69d85-0dd9-4d7c-8a72-d82b1f77a6b9",
            "value": "248214cc3011a70bb473dc12b0c07cb730aa04b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027932",
            "to_ids": true,
            "type": "sha256",
            "uuid": "255aab43-3bc6-4752-847b-29d9f2256ef0",
            "value": "dab2cd3ddfe29a89b3d80830c6a4950952a44b6c97a664f1e9c182318ae5f4da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023658",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3b8541ec-ecbe-46e2-ac74-2b32066e11c4",
            "value": "6144:EY0QYQ+rwD1vkTkCJ6AjC6w9NZsK0cabUOAZ9AJEJ:ErrOkF6Z79DUU7J"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023658",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d07d7599-d49b-4920-a2b8-3278bf8d5d3e",
            "value": "270075"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023658",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e61cdd31-e2ca-4303-b901-df421c77e7c7",
            "value": "bc9b05bc48cd641cceaf23b8ff575dd7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023658",
            "to_ids": true,
            "type": "filename",
            "uuid": "37616b98-d727-4747-99bb-e324bbeedf66",
            "value": "Unistudent_SocialID.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023658",
            "to_ids": false,
            "type": "text",
            "uuid": "16a579b2-a9d3-4caa-9f09-b87c9f5a4906",
            "value": "IoCs related to MuddyWater\r\nType Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:34/67\nFirst Submission:2019-04-08T12:15:30.000000+00:00\nLast Submission:2024-07-19T01:54:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029890",
        "uuid": "42f6c79b-12c3-4a57-ba46-c8c0a007db5d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029890",
            "to_ids": true,
            "type": "md5",
            "uuid": "97a44c77-f1f9-4dea-9926-089353f5fe80",
            "value": "95d9e6c262632abe004c4693a71eaced",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027934",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9b222513-1f1c-4b8a-8c7b-8d494d0fb657",
            "value": "8833920040e37c989217c342412d3aa3f40187e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027934",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8b4d2125-1b4d-459c-a94c-c976edf7c0ad",
            "value": "dc7e102a2c68f7e3e15908eb6174548ce3d13a94caadf76e1a4ee834dc17a271",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023681",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fec07096-6ff8-4291-a351-4138e9d0b996",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEHT:w9mzytc/CKDllTllCeue6STznT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023681",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9ec2bec5-0194-4e9d-a0b8-0eae272f1feb",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023681",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7812299b-6ce6-4519-8388-baaac3cd0241",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023681",
            "to_ids": true,
            "type": "filename",
            "uuid": "a6683cb5-68cd-451a-9ae7-744a85c6db40",
            "value": "Looking for business insurance no335080.2022-isrotel.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023681",
            "to_ids": false,
            "type": "text",
            "uuid": "1f3e8b0c-d2f1-42d4-92df-6ff8a2561366",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:29/63\nFirst Submission:2022-11-08T12:17:18.000000+00:00\nLast Submission:2026-02-10T03:09:50.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029911",
        "uuid": "ae55f241-14f7-4023-9665-8dd2d74e99da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029911",
            "to_ids": true,
            "type": "md5",
            "uuid": "e857d32e-28fe-4f04-9f1b-514a9943bc1c",
            "value": "aba760ec55fdeccb35adb068443feb89",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027936",
            "to_ids": true,
            "type": "sha1",
            "uuid": "07196e97-2d5d-4ae2-8ea5-115618119651",
            "value": "8103cbffd4f7651c32a1cc602f0398027fb3207f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027936",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0ff7e558-4785-4fc7-a765-134855861dfd",
            "value": "638c7a4f833dc95dbab5f0a81ef03b7d83704e30b5cdc630702475cc9fff86a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023704",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c28e175a-995a-44f6-a156-96cbc2fb8a46",
            "value": "49152:g51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:gPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023704",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "eebebb3e-2802-49a1-a3e3-e6a43599ad28",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023704",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b7e34d74-ec28-4916-86b0-b37fe58cdb31",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023704",
            "to_ids": true,
            "type": "filename",
            "uuid": "d747b9b0-c778-4135-93a8-ffc9400d7112",
            "value": "Polaristek.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023704",
            "to_ids": false,
            "type": "text",
            "uuid": "572dc5f6-6e00-4ed0-b861-4c14fc95a8b9",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:27/63\nFirst Submission:2024-02-13T10:39:11.000000+00:00\nLast Submission:2024-02-27T01:42:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029932",
        "uuid": "a5a09b30-48b3-45f2-89bc-5008c013f723",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029932",
            "to_ids": true,
            "type": "md5",
            "uuid": "cc978822-7cc1-4140-9d2f-2d9ca69c7415",
            "value": "809334c0b55009c5a50f37e4eec63c43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027937",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9e601d52-1b32-40ba-9cd4-98b3d7b55516",
            "value": "24b60847bc0712c9ba0b8036c59ee16c211fa8bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027937",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8134bb42-21be-4298-a889-36c5ff951a86",
            "value": "2722e289767ae391e3c3773b8640a8b9f6eb24c6a9d6e541f29c8765f7a8944b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023726",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "09ee9512-09a3-430f-aea2-919d4b5cb7b1",
            "value": "49152:r51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TzOFNOnUI:rPCMr2NMRmk/XeM9TEeRvx+ch/TzAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023726",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9174f2d4-a0d9-4ad3-9f4f-fbe5075c45a9",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023726",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e7203c76-00b6-4e6a-aee2-1c8fc440e736",
            "value": "4abff88a161b9a949d26e2a832b0a5cb"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023726",
            "to_ids": true,
            "type": "filename",
            "uuid": "d354ac78-30b8-47d6-bae4-583edd698c0a",
            "value": "MuddyWater"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  07/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023726",
            "to_ids": false,
            "type": "text",
            "uuid": "4af908a0-f17d-4ed4-ab8e-d64669e86a56",
            "value": "IoCs related to MuddyWater\r\nType Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:24/62\nFirst Submission:2024-03-05T09:12:16.000000+00:00\nLast Submission:2024-05-22T18:53:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029954",
        "uuid": "4c3972f1-6531-47b2-8ffd-e13f04568e15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029954",
            "to_ids": true,
            "type": "md5",
            "uuid": "aa566168-2f67-46cf-923c-533c40c275bd",
            "value": "75060f5394b72421c0d8f81f79931aa9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027938",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6baa42cf-2e63-4b10-af6c-8951049abbc1",
            "value": "0bb3ddeac6d4af21ea63d73857c779269c21c579",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027939",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d8edac76-ce38-4ef1-b5a2-d4e7fbe43fe9",
            "value": "f24ce8e6679893049ce4e5a03bc2d8c7e44bf5b918bf8bf1c2e45c5de4d11e56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023749",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4f7dc0e-094a-43de-98fb-f9215c21cf82",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEUT:w9mzytc/CKDllTllCeue6STz0T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023749",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7cbe223f-1690-4f5f-a76d-78d37abe1a0e",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023749",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9c128a9b-381a-4324-a3c6-3d7f85d35ddb",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023749",
            "to_ids": true,
            "type": "filename",
            "uuid": "572d7805-efa4-4a4c-ad7b-2d88916123d7",
            "value": "malam.com.workshop.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  15/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023749",
            "to_ids": false,
            "type": "text",
            "uuid": "c0b4fe8a-e714-434b-9a9d-82f0aa687b86",
            "value": "IoCs related to MuddyWater\r\nType Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2022-11-08T04:46:02.000000+00:00\nLast Submission:2024-03-01T22:33:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029976",
        "uuid": "357bb989-4ddc-4ae2-b9d9-c9d525ceebb0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029976",
            "to_ids": true,
            "type": "md5",
            "uuid": "1eee1452-fd3e-48ac-9949-47fd5b4b7ed5",
            "value": "93be13bbcad30440a0d0ef3868d67003",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027940",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a7e77532-3b74-46cb-8e66-3df0b3bf5ac0",
            "value": "0f5c2ebbf2edc7d25ea72437b5f5b2245fcffacf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027940",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aae649b8-cb29-4339-8b6d-eb1a49156071",
            "value": "ec553e14b84ccca9b84e96a9ed19188a1ba5f4bf1ca278ab88f928f0b00b9bd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023772",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7b33bd2e-ac3b-4f8d-a86b-5a29f7c30a50",
            "value": "49152:a+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:a+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023772",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "619f5d62-63d4-4aeb-a539-beac883b95a1",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023772",
            "to_ids": true,
            "type": "vhash",
            "uuid": "71038020-3918-4649-9dd5-bb269906c62a",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023772",
            "to_ids": true,
            "type": "filename",
            "uuid": "199094be-fb29-4345-bd5e-da2eaa2c98db",
            "value": "ec553e14b84ccca9b84e96a9ed19188a1ba5f4bf1ca2_edr78ab88f928f0b00b9bd0XxX4Msi.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023772",
            "to_ids": false,
            "type": "text",
            "uuid": "939f15d2-d4e2-4115-9c30-ff62dea64df0",
            "value": "IoCs related to MuddyWater\r\nType Descriptio%WINDIR%\\Installer\nMicrosoft: None\nVT Total Detection:25/64\nFirst Submission:2024-04-01T15:29:00.000000+00:00\nLast Submission:2025-06-18T11:31:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774029997",
        "uuid": "5cdae0b1-72c7-4cca-a9a3-f45f24f1bf11",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774029997",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ad1cc60-7e72-4097-934a-475d8439863b",
            "value": "806adc79e7ea3be50ef1d3974a16b7fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027942",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d8efec52-ff7a-4e65-82f5-c513cd7e69a6",
            "value": "b0ab6ce3d044a1339a705f233e113c44a1bced10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027942",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c345a75-5594-4dff-b800-bfb88213552c",
            "value": "93b749082651d7fc0b3caa9df81bad7617b3bd4475de58acfe953dfafc7b3987",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023794",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c48917b3-463e-4740-9cd9-28f90e80023f",
            "value": "12288:iP/HOjaQ3UMq+jE5SWNGyfV0djZpDGCDJVXDdJsn:scEMq+jE5SW0OEj7Dz9kn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023794",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ba8ba61a-67f1-4e73-91ac-cb0ace3ba111",
            "value": "482304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023794",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4675f0ea-7dec-45fa-932d-b6d028f71557",
            "value": "e2dc95b9129ca8c9dd12235269cbe13a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023794",
            "to_ids": true,
            "type": "filename",
            "uuid": "33a1a82e-f7c3-4f06-9983-b8d1933f604b",
            "value": "93b749082651d7fc0b3caa9df81bad7617b3bd4475de58acfe953dfafc7b3987.unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023794",
            "to_ids": false,
            "type": "text",
            "uuid": "9aeaae47-0933-4e99-a35d-8e4dc5c03f14",
            "value": "IoCs related to MuddyWater\r\nType Description: MS Word Document\nMicrosoft: TrojanDownloader:O97M/Aptdrop.J\nVT Total Detection:47/64\nFirst Submission:2019-03-12T11:19:36.000000+00:00\nLast Submission:2025-11-19T17:19:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030018",
        "uuid": "7fa59fad-b290-4c38-8e39-e87ab122b1e9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030018",
            "to_ids": true,
            "type": "md5",
            "uuid": "f52b04d2-7263-4f79-b661-33559caa0efe",
            "value": "242098c3e87822bffa7c337987065fbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027943",
            "to_ids": true,
            "type": "sha1",
            "uuid": "00a104e8-d6dc-4623-bbcd-6895ea70a1aa",
            "value": "9543cab61c330e533bcdd92ed6e1012f1b284d10",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027943",
            "to_ids": true,
            "type": "sha256",
            "uuid": "33d5d875-54e2-4636-8c5c-d8eb68c27c3b",
            "value": "39da7cc7c627ea4c46f75bcec79e5669236e6b43657dcad099e1b9214527670e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023817",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8dfdbf23-1ad1-47f1-b502-2e7dae7012e3",
            "value": "49152:6+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:6+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023817",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "51d1d9ad-0096-4c64-b559-f3d66d7b2af6",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023817",
            "to_ids": true,
            "type": "vhash",
            "uuid": "defbc9e2-3779-4176-b2db-9a8d21ea3244",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023817",
            "to_ids": true,
            "type": "filename",
            "uuid": "f20ea972-6031-4228-8b65-0a96af7e828a",
            "value": "Leonardo hotels program.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  14/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023817",
            "to_ids": false,
            "type": "text",
            "uuid": "8e1b7b12-8131-4df3-ab94-7a8264d8d8b6",
            "value": "IoCs related to MuddyWater\r\nType Descriptio%WINDIR%\\Installer\nMicrosoft: Trojan:Win32/MuddyWater.A\nVT Total Detection:25/63\nFirst Submission:2024-04-02T09:11:17.000000+00:00\nLast Submission:2024-08-07T15:16:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030040",
        "uuid": "62c1125b-69bc-4c9b-bc71-f66d03fd7480",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030040",
            "to_ids": true,
            "type": "md5",
            "uuid": "f751fcb6-5746-4e31-81d1-f8aa27820845",
            "value": "c381c2cb8fdd6acf1636280b9424f573",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027945",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4a65421-268e-4ecb-9086-a4c0c0b5c41f",
            "value": "7918e2c9c6f2847078bb736968f8f21b7e70a0af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027945",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d298f1bc-feda-4e39-9330-0d8348f99ff3",
            "value": "ff2ae62ba88e7068fa142bbe67d7b9398e8ae737a43cf36ace1fcf809776c909",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023840",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bbd4c41e-a3e4-4c9e-b3f9-d8840e78644e",
            "value": "49152:k51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:kPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023840",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bb52456-2453-47c2-bd03-424ed0952d77",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023840",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8c217be1-ca67-428f-b98f-8eccf9682ad8",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023840",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8f190bb-65eb-468a-b6d2-073733faf2bb",
            "value": "\u05ea\u05d5\u05db\u05e0\u05ea \u05ea\u05d9\u05d9\u05e8\u05d5\u05ea.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023840",
            "to_ids": false,
            "type": "text",
            "uuid": "9b7a3bcc-a0f4-40fa-ad84-0653df436c53",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: Trojan:Win32/MuddyWater.A\nVT Total Detection:32/63\nFirst Submission:2024-03-13T04:44:48.000000+00:00\nLast Submission:2024-08-07T15:19:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030061",
        "uuid": "b4b3faac-5068-484c-8a50-091ca035f7f5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030061",
            "to_ids": true,
            "type": "md5",
            "uuid": "fdb1902a-000e-4ad9-98ff-0dadec3dbac8",
            "value": "2533307ec1ef8b0611c8896e1460b076",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027947",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0671e991-c143-4e0a-8e55-70b865089283",
            "value": "324918c73b985875d5f974da3471f2a0a4874687",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027947",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3b385a75-c406-45b6-bd08-03e62538c1fd",
            "value": "e25892603c42e34bd7ba0d8ea73be600d898cadc290e3417a82c04d6281b743b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023863",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8bba1cfd-958d-47fb-ab08-1fa6276f9518",
            "value": "3072:DvxBhQz1y9Tiy4HzMLPdHZq0L2yKhrADqGVU6:Dbhy+TEILPdHZf2NUU6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023863",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7fceb7ff-55b3-4379-b7a8-982a7425532d",
            "value": "150080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023863",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e9f47bb7-bb13-4020-b61a-2738d203e73c",
            "value": "015066651d1555151038z527z4cz12fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023863",
            "to_ids": true,
            "type": "filename",
            "uuid": "62a2421e-d4b4-45a9-9fa7-fe331c822599",
            "value": "FMAPP.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023863",
            "to_ids": false,
            "type": "text",
            "uuid": "9c1fef0a-4ec6-4e99-bc33-ff568188519c",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2016-06-08T09:50:10.000000+00:00\nLast Submission:2026-03-06T15:16:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030082",
        "uuid": "9c034f98-6a38-4024-b041-e228878f5498",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030082",
            "to_ids": true,
            "type": "md5",
            "uuid": "12272ac2-04eb-438a-95b7-83fa4e97c3cf",
            "value": "1f280f51eeb6cf895fe80082ce725841",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027948",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b5af7b56-f3ce-4307-8d57-0e0d001de1e6",
            "value": "c5066432feb9de0785207d5da3891720e744297f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027948",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d25d6a9f-5378-48e4-b573-6cf09b723dc8",
            "value": "4d24b326d0335e122c7f6adaa22e8237895bdf4c6d85863cf8e84cfcc0503e69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023886",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0026c35f-917d-47fa-973f-0d9ddb71e110",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KETT:w9mzytc/CKDllTllCeue6STzzT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023886",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "73d5903f-2c82-4aa7-b45b-0f4ca635c3c4",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023886",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7c95fe3b-7e87-4f1f-bd1a-6065a8b55a0f",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023886",
            "to_ids": true,
            "type": "filename",
            "uuid": "57e69fb7-22ff-4bdb-bf18-d764d9df6e3a",
            "value": "415382.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023886",
            "to_ids": false,
            "type": "text",
            "uuid": "ac7a2617-9efe-4643-9fb0-0766e6f9fd67",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:14/63\nFirst Submission:2022-10-19T11:00:16.000000+00:00\nLast Submission:2022-10-19T11:00:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030104",
        "uuid": "b2f71a8e-7207-4ed1-a3eb-57da7ad9022b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030104",
            "to_ids": true,
            "type": "md5",
            "uuid": "8a18479d-dae2-485f-857a-b5076951827e",
            "value": "43be8a405a7f57cf9f910d829c521b21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027950",
            "to_ids": true,
            "type": "sha1",
            "uuid": "757f88bb-cfad-4212-a197-4163e9b60758",
            "value": "bd39679896fe305cfb3cca7432c5ef6dafbc93a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027950",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3c18acc6-0aba-44c4-99f4-e6a212454e31",
            "value": "4550b4fa89ff70d8ea59d350ad8fc537ceaad13779877f2761d91d69a2c445b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023909",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "298a9049-867b-4310-a814-3f929a7d37b4",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE3T:w9mzytc/CKDllTllCeue6STzXT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023909",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "613b54fb-da78-4bde-8aec-8ca77907346e",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023909",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8f1f4dcf-bfc6-4c85-bf09-1f43f03613c1",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023909",
            "to_ids": true,
            "type": "filename",
            "uuid": "817ac590-0ac2-4b12-af0f-f129482fc401",
            "value": "The electronic form of the invitation along with the exhibition manual.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023909",
            "to_ids": false,
            "type": "text",
            "uuid": "259cf23c-261f-44cb-a96b-ceadf492ddcd",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:24/63\nFirst Submission:2022-10-12T11:30:40.000000+00:00\nLast Submission:2022-10-12T11:30:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030125",
        "uuid": "189e33cd-db07-4b5f-b29a-f284d64ecb07",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030125",
            "to_ids": true,
            "type": "md5",
            "uuid": "74374b30-668a-4c96-b2f9-64b926128539",
            "value": "23d99f912f2491749b89e4fd337273bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027951",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b8c4202f-8d03-4ce6-bfd9-574bf621d640",
            "value": "6fb8b0e4e31f678f53b22e7b8a1b70f0deef1545",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027952",
            "to_ids": true,
            "type": "sha256",
            "uuid": "37d8dd3d-7e41-468a-9f94-c96cd8e36ba7",
            "value": "14c270cf53a50867e42120250abca863675d37abf39d60689e58288a9e870144",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023931",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cfdfc4db-5b0a-448a-bb25-c66dfed9d46e",
            "value": "49152:r51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:rPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023931",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "56d80ca8-fe50-4a57-bb0c-a461dbdf2568",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023931",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9d0e6319-6bca-48cb-8e55-b72bed40b09b",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023931",
            "to_ids": true,
            "type": "filename",
            "uuid": "effc2c2b-b70b-4e49-b7cf-f3672d5965de",
            "value": "Tejasnetworks.com.webinar.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023931",
            "to_ids": false,
            "type": "text",
            "uuid": "897b2407-0836-4ac0-9f0f-51d60276b366",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:27/64\nFirst Submission:2024-02-04T07:56:56.000000+00:00\nLast Submission:2025-04-10T09:54:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030147",
        "uuid": "344a70bc-e39b-424c-b460-32588b72f464",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030147",
            "to_ids": true,
            "type": "md5",
            "uuid": "d6e724ba-e506-4e8e-af6f-92ea86f49f79",
            "value": "0873ce3db84b79da935f71df3d6c8e6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027953",
            "to_ids": true,
            "type": "sha1",
            "uuid": "296c5746-f243-4b25-8ac0-5093233dcef1",
            "value": "b7c4d32a1efa003742994253712593406480e68a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027953",
            "to_ids": true,
            "type": "sha256",
            "uuid": "37691640-bbe8-4416-9fbf-32452840065b",
            "value": "653046fa62d3c9325dbff5cb7961965a8bf5f96fa4e815b494c8d3e165b9c94a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023954",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5a4d1300-0da4-46a4-98ad-c165218b2a32",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEhT:w9mzytc/CKDllTllCeue6STzBT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023954",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e60b855d-9edd-49d8-9b79-6e553208d25b",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023954",
            "to_ids": true,
            "type": "vhash",
            "uuid": "76083f6f-bf0a-4471-8c8d-39efc977eb45",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023954",
            "to_ids": true,
            "type": "filename",
            "uuid": "f5924571-d643-4fbf-9d9e-fceb8dfab26c",
            "value": "MOJJORDAN.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023954",
            "to_ids": false,
            "type": "text",
            "uuid": "90a041b6-402f-459c-b670-a71fac1901c8",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:30/63\nFirst Submission:2022-10-10T10:35:40.000000+00:00\nLast Submission:2022-10-17T08:48:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030168",
        "uuid": "6bed2207-ef5a-4d36-b4bc-ead7cb3582ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030168",
            "to_ids": true,
            "type": "md5",
            "uuid": "db8bc4d6-e7e2-4324-b17b-56396de4f86b",
            "value": "f06e30dee8629e951cefa73373fdef9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027955",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c9be69a5-3dbe-461a-bc28-150a514dfb01",
            "value": "d6ae00e158a266eb8427b61ce06ea8f9468bc7b2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027955",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c2b743fd-d3f4-4d24-95d9-08508090e931",
            "value": "54ebdea80d30660f1d7be0b71bc3eb04189ef2036cdbba24d60f474547d3516a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023976",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2af9be47-42b5-49c9-b10a-167929a6a1d8",
            "value": "49152:NSJ55PNH64yDWPsJWL7K0YMpLKSo5xR5nZsExvl:NA55PU4uSs8pLKSo5xbnZsExvl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023976",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87755985-d0e9-4bff-8c42-aea50a4fa252",
            "value": "1849344"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023976",
            "to_ids": true,
            "type": "vhash",
            "uuid": "78552805-ab0d-4f3e-aeac-a8edc968cda4",
            "value": "016076657d155515555az43!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023976",
            "to_ids": true,
            "type": "filename",
            "uuid": "0f78cf50-24c3-42e5-9390-aafac2204700",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023976",
            "to_ids": false,
            "type": "text",
            "uuid": "3a8ff89a-bbd0-42de-9cd8-04dc84ca39b7",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:48/72\nFirst Submission:2025-11-17T10:10:27.000000+00:00\nLast Submission:2025-11-17T10:10:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030189",
        "uuid": "1343d08c-dbd4-4ee3-b8c6-46fe0f109ee7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030189",
            "to_ids": true,
            "type": "md5",
            "uuid": "234c5148-b093-42ab-a2f6-ffd62391950d",
            "value": "1e9a4e774b61acc8a6b35ee50417e661",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027957",
            "to_ids": true,
            "type": "sha1",
            "uuid": "422d4d05-a2b8-4cff-aac9-8d51aa247cd5",
            "value": "b7522d2f1fb7b9b92348b4d88c62480683d3485c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027957",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f4448fd9-375d-4352-8bec-bec4d901cf83",
            "value": "c6128f222f844e699760e32695d405bd5931635ec38ae50eddc17a0976ccefb4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774023999",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3770fa50-668e-40d6-8b7d-78eeff44d836",
            "value": "49152:d51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:dPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774023999",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "013cdfc5-1f3b-4957-973a-9bd288adcf44",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774023999",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a9b3bd8c-fb49-417d-9b71-dcb1802ddab3",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774023999",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb807406-675d-46cf-869b-6ae550eac090",
            "value": "\u05de\u05d9\u05dc\u05d2\u05d4.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774023999",
            "to_ids": false,
            "type": "text",
            "uuid": "92a5c8cd-6923-4914-803d-a4a2758917a5",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2024-03-11T15:34:56.000000+00:00\nLast Submission:2024-12-02T16:30:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030211",
        "uuid": "0009340a-f0ce-4bc6-ab89-1b436c131be3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030211",
            "to_ids": true,
            "type": "md5",
            "uuid": "a8f77a47-4648-4ba4-9682-de01b980dec9",
            "value": "d276b8c1660f264d64eff3474718509b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027958",
            "to_ids": true,
            "type": "sha1",
            "uuid": "012d4069-be34-47aa-a8d2-e5d1b2af284e",
            "value": "17235aff5838668e5adbfb6eb431d2a5e0da13f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027959",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d0275398-5647-4c76-8229-4e96d7521218",
            "value": "ddc6e6c76ac325d89799a50dffd11ec69ed3b5341740619b8e595b8068220914",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024022",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "74846440-e7a1-4b9f-a9f8-b49e45cbcad9",
            "value": "24576:rJYJIIB8OGMpbFpYbe652G5ADVuUvS6cm:r+IICOGiF8pUuc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024022",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "13c63278-429f-434a-8f4a-0f9ff0892bb1",
            "value": "1298432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024022",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb33f687-7de4-415a-b42e-0f6dbea64157",
            "value": "016066655d1555155053zb2z721z1059zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024022",
            "to_ids": true,
            "type": "filename",
            "uuid": "c8619c72-a42c-4e8d-b10a-c95337484b27",
            "value": "nginx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  24/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024022",
            "to_ids": false,
            "type": "text",
            "uuid": "495d19af-fb1e-4f6f-b4c1-ab6c1e0bdff5",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:50/72\nFirst Submission:2025-12-07T05:59:39.000000+00:00\nLast Submission:2026-01-17T16:22:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030232",
        "uuid": "ec8c5fe2-347d-4f4d-b750-395cccad17d3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030232",
            "to_ids": true,
            "type": "md5",
            "uuid": "6bbc7997-140e-4301-bc45-d5aa77d9d937",
            "value": "d70ddec75de88bf4ca7cbb67b56627f6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027960",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f30088b6-79dc-4e32-b124-b706f5ffb9b1",
            "value": "41cb80cbc998007d8e0fd004884b1e31ecbf975d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027960",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4d1dabb2-3b97-4784-96dd-de01714641fe",
            "value": "c23bac59d70661bb9a99573cf098d668e9395a636dc6f6c20f92c41013c30be8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024044",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "176b6412-86c2-4dd7-b0f4-1f901420e11c",
            "value": "24576:bNfoT3/QPvpFAEkgRk+5gQTAj7FUNuceLrDSr+AtU5KJLh:bNfor/QP3EAB5H8jeuLLrDSr+AtU5KJt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024044",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bcf9c192-ed79-4fa9-8390-983f0edfb83b",
            "value": "1319084"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024044",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1da4c03d-d8c4-4fb4-8cb6-193b76fa91e2",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024044",
            "to_ids": true,
            "type": "filename",
            "uuid": "e71522ad-7f54-424b-a50a-c43ddf9f55e7",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024044",
            "to_ids": false,
            "type": "text",
            "uuid": "eafe6c07-41d8-4090-b373-d88e20db64e8",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:51/72\nFirst Submission:2025-11-20T08:45:49.000000+00:00\nLast Submission:2025-11-21T13:37:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030253",
        "uuid": "127d547a-4dfc-47b2-86f9-2126d71d1ce2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030253",
            "to_ids": true,
            "type": "md5",
            "uuid": "85d06371-f0cf-409d-8015-c057c1cf481e",
            "value": "3ab16bd1c339fd0727be650104b74dd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027962",
            "to_ids": true,
            "type": "sha1",
            "uuid": "47d3178c-8679-4748-a1d5-cd228f8b494a",
            "value": "2b5ddc48fe17d014e38b9fd6646b23d5eb70b471",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027962",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1d67ffcb-cf1f-4edf-b406-29963124a596",
            "value": "b2c52fde1301a3624a9ceb995f2de4112d57fcbc6a4695799aec15af4fa0a122",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024067",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "93eff181-7d23-465d-8148-b36da107b5b6",
            "value": "6144:1kxmZlZgvvvKm5KqORB6fFYipUjqvVy0:bZlZgvvvKmINbUFPgwVy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024067",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da893c57-8648-4339-b13a-4acecf0ccdf8",
            "value": "1288704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024067",
            "to_ids": true,
            "type": "vhash",
            "uuid": "18a506bb-2795-47b6-af5d-1334bb1a6a77",
            "value": "35c734776fe05147670942468ef0aa58"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024067",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a12b623-cf7c-4937-a17a-806aed2380be",
            "value": "Online Seminar.FM.gov.om.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024067",
            "to_ids": false,
            "type": "text",
            "uuid": "0cfbf3ca-cb99-47f5-80f8-0ed3b6553d5a",
            "value": "IoCs related to MuddyWater\r\nType Description: MS Word Document\nMicrosoft: Trojan:O97M/Obfuse!AMTB\nVT Total Detection:40/64\nFirst Submission:2025-08-21T17:14:25.000000+00:00\nLast Submission:2025-08-21T17:32:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030275",
        "uuid": "ad6a02c6-8585-44b3-b660-26fe7cf4b70a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030275",
            "to_ids": true,
            "type": "md5",
            "uuid": "46b1848f-1d1a-4517-963c-72deec94c8ac",
            "value": "64fc017a451ef273dcacdf6c099031f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027964",
            "to_ids": true,
            "type": "sha1",
            "uuid": "56a34cf5-b8dd-4ccc-8a9a-e7f973deebed",
            "value": "6aa8b4f4a6fd1b4f768b1ac6faaaddbaa302a585",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027964",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2b86e6b0-82a2-4108-bdc3-58aeab218760",
            "value": "70cab18770795ea23e15851fa49be03314dc081fc44cdf76e8f0c9b889515c1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024089",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd0a00aa-20f9-4329-999b-d5511a9add12",
            "value": "3072:mY96NNUbhnfcWcHVZvXhq6NRrWSMItI019Bx:mY9WNUNfcPbXhqwrWXJyx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024089",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "105d236d-5aa6-4e0d-afc4-a5044ac72c97",
            "value": "132578"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024089",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eefbbfee-2ba7-42c9-a80f-52f7823a7a8f",
            "value": "95d54f60fbd87cb39bb58e42353d6fd5f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024089",
            "to_ids": true,
            "type": "filename",
            "uuid": "76d8adb2-cc1a-4c6d-b5ba-826d42410579",
            "value": "\u0645\u06a9\u062a\u0628\u0629 \u0625\u0644\u06a9\u062a\u0631\u0648\u0646\u06cc\u0629 .pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024089",
            "to_ids": false,
            "type": "text",
            "uuid": "0b356bf9-bf63-41f6-94a9-2a3b2cdc7d46",
            "value": "IoCs related to MuddyWater\r\nType Description: PDF\nMicrosoft: Trojan:PDF/Phish!rfn\nVT Total Detection:25/64\nFirst Submission:2020-09-29T03:48:39.000000+00:00\nLast Submission:2021-03-11T12:00:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030297",
        "uuid": "57a0be67-f63c-4cd7-8c0e-b9a75f15edc4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030297",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e67dd7f-b820-4c4e-96c1-5112d931003c",
            "value": "4055d8b5c2e909f5db8b75a5750a7005",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027966",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0cc802f1-adc7-4c07-a2cb-f46861026b6a",
            "value": "0fc0e1ab30f55d1709532496ac6adac107a4729e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027966",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0abac3a7-f37e-4360-a161-a30205f833f7",
            "value": "ffbe988fd797cbb9a1eedb705cf00ebc8277cdbd9a21b6efb40a8bc22c7a43f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024112",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c51e9811-7729-4687-934d-71410728acb2",
            "value": "49152:R51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:RPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024112",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06003f68-53ac-4a52-8652-67360f2515e2",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024112",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8fdd684e-fd32-41e9-8649-2f981502c707",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024112",
            "to_ids": true,
            "type": "filename",
            "uuid": "9ac17904-2c94-4f14-bf13-4b0cc24f080f",
            "value": "49cd3f.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024112",
            "to_ids": false,
            "type": "text",
            "uuid": "9d52ee04-3041-49fe-a2db-ab8fbf72b01d",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:22/64\nFirst Submission:2024-03-07T13:58:25.000000+00:00\nLast Submission:2024-03-07T13:58:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030318",
        "uuid": "8039959f-d89b-409e-91ae-e0c36146e6da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030318",
            "to_ids": true,
            "type": "md5",
            "uuid": "7c24da82-be4a-455c-b0d3-4eb087950361",
            "value": "e2d6031afd81bf3b6a44de4d0b039055",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027967",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3471b72e-a885-4f72-be77-49a31a2d41d7",
            "value": "25fbdc712d4b08609cbde91a41006fc9722f7a6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027968",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2864f724-cfb3-42ad-ae84-f4ad233ddad0",
            "value": "011cb37733cdf01c689d12fedc4a3eda8b0f6c4dcdeef1719004c32ee331198e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024134",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "06fd6301-60c5-4c55-9f9b-779843e5af47",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KE5T:w9mzytc/CKDllTllCeue6STzZT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024134",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a2f957e2-31e6-457c-8e7a-62a46359d145",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024134",
            "to_ids": true,
            "type": "vhash",
            "uuid": "42673e56-44ab-4877-983a-09cda15e789d",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024134",
            "to_ids": true,
            "type": "filename",
            "uuid": "e9331bf8-d75f-45b8-b162-2e5247d4980c",
            "value": "55355a.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024134",
            "to_ids": false,
            "type": "text",
            "uuid": "9089236f-6fae-4654-b480-8b4938745ad9",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:29/63\nFirst Submission:2022-10-25T06:05:51.000000+00:00\nLast Submission:2022-12-29T15:25:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030339",
        "uuid": "2fcc83d3-f574-4c26-9b5a-a1953f6312ed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030339",
            "to_ids": true,
            "type": "md5",
            "uuid": "ce7868f5-e0b2-478f-8b72-c12dac851596",
            "value": "f1c935ce028022ab2a495eae83adacc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027969",
            "to_ids": true,
            "type": "sha1",
            "uuid": "305b8540-b622-4fd1-a8ec-5def42edeb21",
            "value": "1dd0301a120d6cbed1d22b9d1fb8c9d3d6793546",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027969",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f710d69-fab7-45eb-8781-effee764dca3",
            "value": "09e09503962a2a8022859e72b86ad8c69dcbf79839b71897c0bf8a4c4b9f4dd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024157",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bdc22d80-f5f1-49fa-8d0e-0ccb3b5f9e69",
            "value": "49152:J+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:J+lUlz9FKbsodq0YaH7ZPxMb8tT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024157",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "17ab1308-5441-4a34-899d-5c99762c6963",
            "value": "2994176"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024157",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f40ef182-bfda-4164-b69b-9b3375414615",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024157",
            "to_ids": true,
            "type": "filename",
            "uuid": "9671c2d8-0ee6-4457-b32f-18a8af17e682",
            "value": "digitalform.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024157",
            "to_ids": false,
            "type": "text",
            "uuid": "6c0805a6-f085-4e8e-8644-3d3735bdf188",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:26/63\nFirst Submission:2024-04-03T17:11:44.000000+00:00\nLast Submission:2024-12-02T16:44:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030361",
        "uuid": "07ba5da9-bcec-4830-9004-2a1053456ef8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030361",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f84594c-2564-4b9b-bcc9-ab011ed07011",
            "value": "47e312ecca7af098bb1c6c69188f54cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027971",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0ba2571b-cafc-485f-a23c-54cff2b21641",
            "value": "ab4edcc5f568c03f7912f363259d4c105c5970e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027971",
            "to_ids": true,
            "type": "sha256",
            "uuid": "98a3fb6e-1f70-4217-be49-558083c19091",
            "value": "e61b2ed360052a256b3c8761f09d185dad15c67595599da3e587c2c553e83108",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024179",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1f0e3f10-23c2-4f7f-b83c-4d44128e1774",
            "value": "24576:bNfoT3/QPvpFAEkgRk+5gQTAjQFUNu1eLrDSr+AtU5KJLh:bNfor/QP3EAB5H8jZusLrDSr+AtU5KJt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024179",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c59b1c9f-16f3-4fc0-80a9-1da7429b042b",
            "value": "1319084"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024179",
            "to_ids": true,
            "type": "vhash",
            "uuid": "51d6c9ea-f35f-40b8-96bc-93e7c5d2db5e",
            "value": "016066655d1555155053zb2z773z61z15za01az137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024179",
            "to_ids": true,
            "type": "filename",
            "uuid": "23060fd5-bfa1-4abb-ad42-9aafd3969e8b",
            "value": "art.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  11/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024179",
            "to_ids": false,
            "type": "text",
            "uuid": "02d27dbc-aad9-43d5-88e5-fd79ccfdcf84",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/TroyStealer.SE!MTB\nVT Total Detection:53/72\nFirst Submission:2025-11-19T07:28:13.000000+00:00\nLast Submission:2026-01-17T16:37:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030384",
        "uuid": "f76f56e3-3d17-48bc-95fa-1b7b1091450d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030384",
            "to_ids": true,
            "type": "md5",
            "uuid": "7832e55b-9f74-445e-9568-f4788e6806d0",
            "value": "b181ecbb7394e3b1394a8c97af65b7e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027973",
            "to_ids": true,
            "type": "sha1",
            "uuid": "80b0e253-08e6-4db6-bbbf-daace87ff54a",
            "value": "18a6ee322f30fe17f896686fbc162e4c8d628e5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027973",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b5d3153c-cffd-4226-8603-7b60fb6a7559",
            "value": "dd2675e2f6835f8a8a0e65e9dbc763ca9229b55af7d212da38b949051ae296a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024202",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5bf074d7-5302-4bb4-a169-12d285335039",
            "value": "49152:t51VAM5R2KAHlcp8qFmmzDza2Rqr+kMdPTEe/pjO8xn+ch/TlOFNOnUI:tPCMr2NMRmk/XeM9TEeRvx+ch/TlAr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024202",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e5593d5-324a-4ea5-a410-a8751d2ad4bd",
            "value": "2752512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024202",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c494cc93-23d4-4f89-8694-e629a9578698",
            "value": "2927e68f82fa039a6332d13425cc33c3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024202",
            "to_ids": true,
            "type": "filename",
            "uuid": "e1d81dc0-d9cd-414e-b27d-16f4a2835d6b",
            "value": "comviva.com.webinar.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024202",
            "to_ids": false,
            "type": "text",
            "uuid": "75bded84-7a4e-4944-9698-f8c62d4b09b4",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:31/64\nFirst Submission:2024-02-21T06:50:12.000000+00:00\nLast Submission:2025-05-20T15:16:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030405",
        "uuid": "67243366-b386-4ae8-8a68-d956ff66aa58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030405",
            "to_ids": true,
            "type": "md5",
            "uuid": "ac02eb88-77ec-4050-b7da-f9cab8fd7652",
            "value": "08d8ab5dd375847ce909297e59e7df00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027975",
            "to_ids": true,
            "type": "sha1",
            "uuid": "85624cc9-01f7-4732-8d51-09f5330b3db4",
            "value": "b4e787c74dd6ba8067ce69eaea00c19866f3b138",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027975",
            "to_ids": true,
            "type": "sha256",
            "uuid": "573004f3-17ec-4861-ac68-1d9fa91ef105",
            "value": "e081bc408f73158c7338823f01455e4f5185a4365c8aad1d60d777e29166abbd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024226",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3154e1ce-4106-4b12-adb7-ded8381f644c",
            "value": "24576:/iJcz366cGXUEUQMTK8toGE30APWkPXN6:/iJSK6cGpUQHFEcM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024226",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "01a562dd-7740-49d3-b05c-9ba314cb8cc4",
            "value": "1318908"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024226",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7cfd9b86-a460-4cb8-888f-bacabff2793a",
            "value": "016066655d1555155053zb2z721z1059zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024226",
            "to_ids": true,
            "type": "filename",
            "uuid": "442f4cf8-598f-4a4b-813a-170c0b9843ef",
            "value": "cloud.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  10/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024226",
            "to_ids": false,
            "type": "text",
            "uuid": "58716073-ce13-4d37-bd31-73e01da44671",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:49/72\nFirst Submission:2025-11-09T14:39:19.000000+00:00\nLast Submission:2026-01-08T21:22:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030427",
        "uuid": "c143bb1c-7f94-41a1-a8ad-9bd2a7e2ca97",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030427",
            "to_ids": true,
            "type": "md5",
            "uuid": "7e8fb5a8-ae25-40db-a9b5-16117780bc2a",
            "value": "c478e472f6223e7ee92cff8b459e55e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027976",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d79c67f9-7349-4deb-aa44-610eef0a5118",
            "value": "326b808f4f933f20e4e8686e9a6e93454c8ed334",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027976",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b5bb99dd-2ebb-4fac-bc24-a80e92fef8a3",
            "value": "7523e53c979692f9eecff6ec760ac3df5b47f172114286e570b6bba3b2133f58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024248",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4565fd63-f2b2-4a88-aa4c-6cfb95b7e289",
            "value": "24576:li8CxkFmdNY74p3qy2YMohshnNBj8/A1jYC:li8CxaeNYkRqy2YMoKpzv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024248",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "da6f0650-7bf9-4a03-acbe-c2ca19b76069",
            "value": "1288192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024248",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ca9f6167-867f-4984-a5c3-aa752dfb5f20",
            "value": "016076655d155d05155053zb2z6e1z1079zacz137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024248",
            "to_ids": true,
            "type": "filename",
            "uuid": "ebeb3e45-8f78-429b-8d8b-afdc078a5709",
            "value": "reddit.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024248",
            "to_ids": false,
            "type": "text",
            "uuid": "fc145fef-46f7-499d-b858-ff030b1b65eb",
            "value": "IoCs related to MuddyWater\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/RustyStealer.A!AMTB\nVT Total Detection:51/72\nFirst Submission:2026-01-06T18:47:44.000000+00:00\nLast Submission:2026-01-29T00:51:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030448",
        "uuid": "acc5d855-131a-4034-979c-8085358a3422",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030448",
            "to_ids": true,
            "type": "md5",
            "uuid": "2e4a9540-0380-418e-ad10-c427253ea4ff",
            "value": "96d5a7e0e75654c444cb1a915c666ac8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027977",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6bf5cc07-d73f-49b3-b76d-88302b51db96",
            "value": "39ac9a36ac7e3411a14590f2200d642072dbf40c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027978",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9ede4b88-b414-4c4b-9a62-deafb4099b6f",
            "value": "331b513cf17568329c7d5f1bac1d14f38c77f8d4adba40c48dab6baf98854f92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024271",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f0cf9643-5666-4b5e-ab52-5a1420e2586d",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEVT:w9mzytc/CKDllTllCeue6STz1T"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024271",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1034a6de-4da8-437f-9dd1-1b95839077e8",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024271",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8bd925fc-6283-44c8-9858-4a3fd0debf3c",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024271",
            "to_ids": true,
            "type": "filename",
            "uuid": "eec32d28-08ec-43cb-b0b7-84bc80a00c89",
            "value": "The electronic form of the invitation along with the exhibition manual.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024271",
            "to_ids": false,
            "type": "text",
            "uuid": "8d058711-f3a5-4473-a856-db778756b913",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:23/62\nFirst Submission:2022-10-24T09:47:24.000000+00:00\nLast Submission:2022-10-27T12:29:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030470",
        "uuid": "cc587f83-0513-4acb-9f85-3e8a11dc59fc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030470",
            "to_ids": true,
            "type": "md5",
            "uuid": "021e5b16-a525-4d05-8714-27e7c347433f",
            "value": "244a4f81cff4a8dc5872628a40713735",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027979",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7a15d598-25ae-45bd-bced-6215d0620dce",
            "value": "16fb722d7b8ab5a1eba16facd7aab894bb37465a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027979",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5dcb0cd4-ec11-41dd-9c73-2c8830b8f5dd",
            "value": "1670a59f573037142f417fb8c448a9022c8d31a6b2bf93ad77a9db2924b502af",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024293",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6ffab518-5d81-4e9c-b70d-0517a9fce55d",
            "value": "6:q43tNykuX9vya0MwUHpBvt33XyxZ9cKjaJCOLlfv3rFwCFKHOmJHHLWXfGb:TrmX5dL/pZt3HubGVFwCsHOW8Gb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024293",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3620269-2e53-488f-a257-9faee503b49a",
            "value": "308"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024293",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ddf416e8-614a-44e4-b97f-f91becfa1232",
            "value": "1423b06799819be0a182c52733e47a59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024293",
            "to_ids": true,
            "type": "filename",
            "uuid": "0f30ebf7-eb34-4f86-baa2-497b67c91bd8",
            "value": "Looking for business insurance no335080.2022-isrotel.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024293",
            "to_ids": false,
            "type": "text",
            "uuid": "a8a7728f-60e5-4afa-82e9-77427a9d24bd",
            "value": "IoCs related to MuddyWater\r\nType Description: HTML\nMicrosoft: TrojanDownloader:HTML/FormBook!MSR\nVT Total Detection:29/62\nFirst Submission:2022-11-08T15:37:16.000000+00:00\nLast Submission:2023-04-12T07:12:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030492",
        "uuid": "127efc73-cd1e-4935-af1d-57422a10d4f7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030492",
            "to_ids": true,
            "type": "md5",
            "uuid": "372d2e18-12fd-4ced-ad61-829ad216c843",
            "value": "6d7ce5b03fe61683229c29a859505163",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027980",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c9acb485-7d24-4d5a-998d-08f2a41b8813",
            "value": "b45adaa53c38733a2df76ddece56baa1d3921c20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027981",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55c1d190-afbd-4642-803b-cea2bc7b51d9",
            "value": "697580cf4266fa7d50fd5f690eee1f3033d3a706eb61fc1fca25471dbc36e684",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024316",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3b6f6428-63a9-4531-b886-474fb1701751",
            "value": "98304:GAC9AGDm8MytOY9woKC4BDBwWlKylZ/FxCeMxlGV9GZRik9VI5TMwGP2KEpT:w9mzytc/CKDllTllCeue6STzJT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024316",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1dc9f0b1-7508-4d44-adfb-ad007c49e5dd",
            "value": "6179328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024316",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c1df465c-ca0d-4dcb-b74f-873ead936675",
            "value": "5f4770a787ada757b63901402c983710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024316",
            "to_ids": true,
            "type": "filename",
            "uuid": "30ea7db2-148d-4a0d-bcf8-e182283eb3ff",
            "value": "6baa03.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024316",
            "to_ids": false,
            "type": "text",
            "uuid": "8db1e7be-ead4-4820-9d68-f43fd61d95b4",
            "value": "IoCs related to MuddyWater\r\nType Description: Windows Installer\nMicrosoft: None\nVT Total Detection:25/63\nFirst Submission:2022-11-12T13:25:06.000000+00:00\nLast Submission:2022-12-29T15:42:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030513",
        "uuid": "f84f6c68-30f7-4637-b029-51ed0c675230",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030513",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e22b96e-d96c-4029-808c-a0ced09f0dd4",
            "value": "aaa9db79b5d6ba319e24e6180a7935d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027982",
            "to_ids": true,
            "type": "sha1",
            "uuid": "00ed0cc4-dda3-4acf-9d16-2fde843ddb02",
            "value": "ff69b5e96a83f4f5657a087649882ec8b5ba09d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to MuddyWater",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027982",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cefb26e2-34cb-4664-9a2f-f784c748fd83",
            "value": "dedc593acc72c352feef4cc2b051001bfe22a79a3a7852f0daf95e2d10e58b84",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024338",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ae5168e5-88ac-4a9a-955d-c83c9db3cb8d",
            "value": "6:q43tNykuX9vya0MwUHpBvt33XyxZ9+3O5UYM0K5bfv3QGyBOKTmVQHHLWXfGb:TrmX5dL/pZt3HuyYQiBOqB8Gb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024338",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f01474f8-bbc2-44cc-baf5-9377906e99f1",
            "value": "296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024338",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f820c5dc-dd16-46a9-8825-b9619cb04a6c",
            "value": "1423b06799819be0a182c52733e47a59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024338",
            "to_ids": true,
            "type": "filename",
            "uuid": "5669662d-9df6-4a41-a451-4d3e490821b6",
            "value": "purchase data hosting-no332050-10.24.2022.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024338",
            "to_ids": false,
            "type": "text",
            "uuid": "cba00984-278e-4f33-b15a-40e9d8603930",
            "value": "IoCs related to MuddyWater\r\nType Description: HTML\nMicrosoft: TrojanDownloader:HTML/FormBook!MSR\nVT Total Detection:32/62\nFirst Submission:2022-10-25T12:15:17.000000+00:00\nLast Submission:2026-01-16T05:55:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030535",
        "uuid": "a665cbcb-ce67-4a17-9cf7-741f1d5dc708",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030535",
            "to_ids": true,
            "type": "md5",
            "uuid": "0699ef5d-b2e6-4d8e-8f50-4b2a61b08c89",
            "value": "80c91b4343fe1260e348872e1b4c0713",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027984",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9c037816-61a6-4332-98b1-1d99c450323b",
            "value": "f764a6f6b9299394285db497e15686923e5b7e55",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027984",
            "to_ids": true,
            "type": "sha256",
            "uuid": "44c658fd-bf4c-4930-a012-8273fbe72aa9",
            "value": "054483046c9f593114bc3ddc3613f71af6b30d2e4b7e7faec1f26e72ae6d7669",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024361",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f3e65cee-0e8e-4ca8-8287-c3d914d77c8b",
            "value": "24576:BVmUbT/6pXeiRr3b0ntQkLcXyxv/bCIRX5+3KR/ikxb+aWq94Ms:BSpXeiRTb0ntQOw3VkhJWS4H"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024361",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06a804c6-f210-4a3b-a9ea-8e97beabcdcf",
            "value": "2263928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024361",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f93a5c8d-7eaf-491a-a8be-eca08e69adad",
            "value": "126066655d6555155az59?z6"
          },
          {
            "category": "Payload delivery",
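            "comment": "xmllite.dll is also the name of a legitimate Windows system DLL; a filename match alone is not evidence of compromise, so confirm against the hashes in this object before alerting.",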
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024361",
            "to_ids": true,
            "type": "filename",
            "uuid": "dce4d5c4-d224-46e3-a136-0c119a7ab51d",
            "value": "xmllite.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024361",
            "to_ids": false,
            "type": "text",
            "uuid": "faa988a6-01d3-4a54-94a2-46edb0861797",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:29/71\nFirst Submission:2025-09-09T11:59:54.000000+00:00\nLast Submission:2025-09-09T11:59:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030556",
        "uuid": "e43531a3-bc01-431f-b992-244d65347e58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030556",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d586749-184c-46bf-9fdb-8b60ea37aac2",
            "value": "83b7ec5f0d5d6f11ba1284a3f705e98e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027985",
            "to_ids": true,
            "type": "sha1",
            "uuid": "902ccfe9-d3e1-4058-ab48-2538b8ee40e4",
            "value": "468351635537473aed8b85526f4b8d342f03c63b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027985",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e66fc3b4-41ba-4905-8fa1-f5a55a097fa4",
            "value": "7c77865f27b8f749b7df805ee76cf6e4575cbe0c4d9c29b75f8260210a802fce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024427",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "48923042-b5bb-4726-9b96-0e235e4ad4d8",
            "value": "24576:uGCUBNe9o4Sp9LCT5A9R105j2oZOnMvhMKY5NpcvvwdAs6aqXPyiM1GzlZILhVa1:uC9p9LCT5A9KBAdqpxzlZATa1sh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024427",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e22494d5-d4b8-46db-a1f8-7bbb55a443fc",
            "value": "2308472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024427",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2faea156-d903-4b5a-a952-d7afb5bac966",
            "value": "126066655d6555155az58?z6"
          },
          {
            "category": "Payload delivery",
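            "comment": "xmllite.dll is also the name of a legitimate Windows system DLL; a filename match alone is not evidence of compromise, so confirm against the hashes in this object before alerting.",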
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024427",
            "to_ids": true,
            "type": "filename",
            "uuid": "ce6bcc94-c4d5-43b1-9825-2a6e6fa0d70b",
            "value": "xmllite.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024427",
            "to_ids": false,
            "type": "text",
            "uuid": "cb30ffa3-9e2b-4c30-bc30-025b9ccd737d",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:27/72\nFirst Submission:2025-07-21T10:48:35.000000+00:00\nLast Submission:2025-08-13T16:47:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030579",
        "uuid": "7621a0d3-4b00-4bdf-ae22-6541e64b4249",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030579",
            "to_ids": true,
            "type": "md5",
            "uuid": "134a8386-c182-4b59-9898-8ed46d76f8b5",
            "value": "b7e4b752adff07ac1b7b67a9be30b366",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027987",
            "to_ids": true,
            "type": "sha1",
            "uuid": "faca2113-d0c2-442c-ae1b-64019d62b8f7",
            "value": "8356a79dcd0b240dae13b90252313bde218f3acc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027987",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5c527686-de04-436a-b3f1-a399894f53c9",
            "value": "b9b3ba39dbb6f4da3ed492140ffc167bde5dee005a35228ce156bed413af622d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024449",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "61c53c2d-25cb-4f51-902e-ef1faf81cbbb",
            "value": "24576:riS5lanvwRNtF4AF8KkkWAmhmwx4BVx3azv7dDxgAcn4:ri8LtF1FG3xoVx3aj5D2AS4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024449",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "532e323c-51b7-45e1-9b23-4c7bbd69f6eb",
            "value": "1990520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024449",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d299066e-d07f-4d91-bc40-6a3b3ee11dfa",
            "value": "116066655d6555155az58?z6"
          },
          {
            "category": "Payload delivery",
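            "comment": "xmllite.dll is also the name of a legitimate Windows system DLL; a filename match alone is not evidence of compromise, so confirm against the hashes in this object before alerting.",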
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024449",
            "to_ids": true,
            "type": "filename",
            "uuid": "73163ad7-8851-4f14-a5fd-bd7734bce11e",
            "value": "xmllite.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024449",
            "to_ids": false,
            "type": "text",
            "uuid": "8eb904dd-e5c5-47ce-87ce-9291be10dab9",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:39/71\nFirst Submission:2025-07-30T13:45:03.000000+00:00\nLast Submission:2025-08-06T07:17:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030600",
        "uuid": "ba2c90d9-6c42-475d-a7b9-f5215692e323",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030600",
            "to_ids": true,
            "type": "md5",
            "uuid": "32c6265f-dd98-43a2-b55a-f07bcc9cd287",
            "value": "223196939e1e1ba9256f515b0a510d7a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027988",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9c5d6cb0-0fa8-496b-848a-c66078b65db4",
            "value": "9e0ffbefdc7dee2663eb648ecf4f5d0a1ad521ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "977f113d-8d47-476c-be4d-488ba74e6333",
            "value": "f8a1c69c03002222980963a5d50ab9257bc4a1f2f486c3e7912d75558432be88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024472",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "becc7bc3-37a1-49ee-9ee0-933af1691efe",
            "value": "98304:GgxUTbdAlLsLCdwLdbCL67qOXUYoep+F0ubRKgInEYu1AY7D0FYYbsSaq13y2zyJ:Gg9qL5Xu0uNKtnEYu1AY7sbsDggIy1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024472",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7fb02e09-19fb-40ff-84a3-456b9c69b4ea",
            "value": "10000960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024472",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4d8239d3-69c1-4420-b92e-4aee2e4fb45c",
            "value": "017076655d756515755az5b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024472",
            "to_ids": true,
            "type": "filename",
            "uuid": "997bc191-3740-4d65-91f9-0836751883f4",
            "value": "IMG_0411.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024472",
            "to_ids": false,
            "type": "text",
            "uuid": "1c3db77a-c1b9-4857-8063-0a124413744f",
            "value": "IoCs related to APT35\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Nimbus.GVB!MTB\nVT Total Detection:43/72\nFirst Submission:2025-05-14T08:18:21.000000+00:00\nLast Submission:2025-05-14T19:55:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030621",
        "uuid": "8045f3f9-82d6-423c-b81a-49f9e5fa50e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030621",
            "to_ids": true,
            "type": "md5",
            "uuid": "8cba6aef-1238-486f-9316-7b34b6e5ac7b",
            "value": "e8e0f2ade7294808d86b23a989b21be1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c94bc12b-57d3-4270-938c-cdc75e739c1e",
            "value": "5bc4469b2466f4f26565538c82e0d5e08bc7037e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027990",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46b3434b-ac26-48f2-bca5-9a7f13715969",
            "value": "e69c7ea1301e8d723f775ee911900fbf7caf8dcd9c85728f178f0703c4e6c5c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024495",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "66979dd7-f3f2-4785-adb6-bac5c2a42e22",
            "value": "24576:8q2w4XwSLHyXMdfDFqzfPo4xZElRBuJXlZn:87LHwfP7xZEzBg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024495",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "747b608d-bb23-4c57-a97e-3417dee5881d",
            "value": "1841152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024495",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ab280b1c-d244-49cc-9e8e-69a5861b2ca1",
            "value": "116066555d1555155az5enz1dz2c"
          },
          {
            "category": "Payload delivery",
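            "comment": "dwmapi.dll is also the name of a legitimate Windows system DLL; a filename match alone is not evidence of compromise, so confirm against the hashes in this object before alerting.",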
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024495",
            "to_ids": true,
            "type": "filename",
            "uuid": "8bc970d7-54c0-4d42-843d-65bcf651cffc",
            "value": "dwmapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024495",
            "to_ids": false,
            "type": "text",
            "uuid": "4481668c-cdef-4d89-a40a-f44ec899338e",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:43/72\nFirst Submission:2025-02-28T11:16:10.000000+00:00\nLast Submission:2025-03-10T23:14:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030643",
        "uuid": "7f6646e2-66e1-4815-83f3-7df6cc4eb1d3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030643",
            "to_ids": true,
            "type": "md5",
            "uuid": "67edea7c-2495-4eb0-85db-e7a1ecbba519",
            "value": "7391c3d895246dbd5d26bf70f1d8cbad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027992",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fd9d9f66-b82f-468e-91aa-3caea14c8015",
            "value": "83b4ad00f7d3ed2a4e67589259de11ca13d08d84",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027992",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c4530c91-5e09-474d-aac6-c379456d6cf6",
            "value": "d81f26c37f29bf0d53032497ea917b56120b761fd1fcf643b2bd3e82fa1ae847",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024517",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1961e4e9-49da-4ac6-adcf-2e3048ff3105",
            "value": "24576:AaUiJ2KvwtgBhiaIXlHgtfn+AtTx23/MtVdCozOE:lFJUch7IXlEmITxMMt3l"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024517",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6e6de058-ec48-4476-843a-97bf3ef8bbbd",
            "value": "1026242"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024517",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dfa0a108-a572-4c43-b55b-fa4c2b72d6a0",
            "value": "4a36c7f8fc3875055a6aad31e9223ecd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024517",
            "to_ids": true,
            "type": "filename",
            "uuid": "fab6c98e-4c2b-475b-833b-d6e5a35ebcc8",
            "value": "_d81f26c37f29bf0d53032497ea917b56120b761fd1fcf643b2bd3e82fa1ae847.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024517",
            "to_ids": false,
            "type": "text",
            "uuid": "9bb88653-9219-4cc3-b646-c276467d31d8",
            "value": "IoCs related to APT35\r\nType Description: Windows shortcut\nMicrosoft: Trojan:Win32/Winlnk.YAS!MTB\nVT Total Detection:42/64\nFirst Submission:2025-08-19T17:06:53.000000+00:00\nLast Submission:2025-08-21T09:20:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030664",
        "uuid": "2a913513-4b46-4d65-8ad2-30c8c99af415",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030664",
            "to_ids": true,
            "type": "md5",
            "uuid": "26379b23-67e5-47f0-8a54-4173603966df",
            "value": "b40533e67e70b7ff7bb53d34a4b9170e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027994",
            "to_ids": true,
            "type": "sha1",
            "uuid": "027b9baf-bd6b-473f-9aa3-71685fdd7e73",
            "value": "e8520f70af1114d89e8e26e9acab603c84ead981",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027994",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3a9fe802-d8c7-48d3-bbe9-f5b8471fbfe9",
            "value": "0e4ff052250ade1edaab87de194e87a9afeff903695799bcbc3571918b131100",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024562",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "69bbeb0f-8fcc-4a72-b3aa-fd6eb4faab4b",
            "value": "6144:eBg7CJedilJ8CQI9peeZu2ql7QFOZOFsvOz2wDv37Ue0ZYlQyVR7+:cg7C9lTbZ1qJQZjz2wDz08pn+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024562",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "beadf149-6726-4e11-b1e8-04d384edfb9a",
            "value": "438648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024562",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d5a0ba73-dca0-4618-acb7-ccd1fc3087e2",
            "value": "145066655d1555155az5?z13"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024562",
            "to_ids": true,
            "type": "filename",
            "uuid": "eab32f71-de82-4737-9ced-46cc13a701af",
            "value": "dxgi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024562",
            "to_ids": false,
            "type": "text",
            "uuid": "da20de4e-24f1-431a-804f-015e0b580935",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win64/CandleStone.Cert.A!dha\nVT Total Detection:45/72\nFirst Submission:2025-07-29T14:09:53.000000+00:00\nLast Submission:2025-08-16T23:33:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030685",
        "uuid": "844b7151-f0cf-4692-a983-818c5373ea76",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030685",
            "to_ids": true,
            "type": "md5",
            "uuid": "2238ffc4-5a13-4993-81f7-ed64395a1a1d",
            "value": "a17b40b8133c1cc29c6146732086db69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027995",
            "to_ids": true,
            "type": "sha1",
            "uuid": "05a5955a-80a5-40ad-84f5-592f65196579",
            "value": "c81055c45d790fb59ed5e7d6e8bae73c2efb0e24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027996",
            "to_ids": true,
            "type": "sha256",
            "uuid": "68048185-f120-4454-8a30-ab7e23a8604a",
            "value": "a4f5251c81f080d80d1f75ad4cc8f5bc751e7c6df5addcfca268d59107737bd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024585",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "773a46da-b34a-4b3d-a3b6-9b0433a3d09e",
            "value": "49152:CA3x0dzl7+JwpvfMls+zphJRpr/HkSa+B:Rxb+Z9+zpH7kM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024585",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "325a8a3e-4c5b-4d3e-8e52-e43b5ce60bab",
            "value": "3070464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024585",
            "to_ids": true,
            "type": "vhash",
            "uuid": "681a7979-b851-4771-afce-d5a4eaa3614d",
            "value": "136066655d6565155az5d=z1a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024585",
            "to_ids": true,
            "type": "filename",
            "uuid": "30851274-691b-4112-b354-fe4a45d5e32d",
            "value": "cabinet.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024585",
            "to_ids": false,
            "type": "text",
            "uuid": "ce1a1163-bae7-4375-8005-6a5417652ae2",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVC!MTB\nVT Total Detection:45/72\nFirst Submission:2025-06-29T15:43:47.000000+00:00\nLast Submission:2025-06-29T15:43:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030707",
        "uuid": "9e258fe0-b096-4e78-b17e-c096cf2e4080",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030707",
            "to_ids": true,
            "type": "md5",
            "uuid": "5819d6c6-1fb2-40da-af08-ffbdfa4f49ef",
            "value": "14d8e865d3ca67b88c01f7e5d2b0862d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027997",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e587ce19-4472-4c38-b67a-3865a692c22e",
            "value": "8b4d1cd340c95f7ddfe8e0813949d4ea34f969fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027998",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7cce428-0de3-461b-88c5-f89560e5f577",
            "value": "d2db5b9b554470f5e9ad26f37b6b3f4f3dae336b3deea3f189933d007c17e3d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024607",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "caf55901-1f48-49b0-89aa-b705c29abd86",
            "value": "196608:dfiyyAy416Oha6gLVm9+T+70apllFsBx1Iyrfqw8W:tP1ww+S70aflFsBxH8W"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024607",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6ba3ee86-fd45-413f-9e2d-cb5496b6fd1c",
            "value": "13230968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024607",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9e175244-b14f-4b7e-bcc1-e7f6a91d4c7e",
            "value": "117066655d7565155az5d=z3b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024607",
            "to_ids": true,
            "type": "filename",
            "uuid": "237d9082-3cf1-422c-94b1-01c2db07b992",
            "value": "userenv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024607",
            "to_ids": false,
            "type": "text",
            "uuid": "fc9d84f2-b9a1-4df1-9813-cdd6dfe45bbe",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:40/72\nFirst Submission:2025-07-21T10:48:37.000000+00:00\nLast Submission:2025-08-13T16:54:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030728",
        "uuid": "9bc6dbd2-02c1-4d11-b628-901181987120",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030728",
            "to_ids": true,
            "type": "md5",
            "uuid": "de6d4380-d254-4994-882e-d1ef6b6559cc",
            "value": "67dbe102978e4b612237ad3ee371702f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774027999",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0b060b69-1b83-450b-822b-77262a34b2b8",
            "value": "0502825fefef4d7150fd002413c5b638e2794935",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774027999",
            "to_ids": true,
            "type": "sha256",
            "uuid": "06f51389-f110-4ede-ac12-119b032d81ec",
            "value": "6780116ec3eb7d26cf721607e14f352957a495d97d74234aade67adbdc3ed339",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024630",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0cdbb4a6-19ea-4a9b-95cb-b57673f8ef65",
            "value": "98304:eEhpAeXBvyOx3mmEqb9jZLIEOTEysjWZbfN02IWafgeg/yvG0:BBI+HL3zyyWtV7IWaY/H0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024630",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "29d8e69c-ac46-4cb4-b75c-ffb25a6b83cc",
            "value": "4793676"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024630",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cbca55e6-aad4-4905-afb9-1d9e00c64da6",
            "value": "5b3e401e60e144e438067a5c3236591d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024630",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8c3623b-0263-4440-9aea-27bb52e3acd3",
            "value": "Survey.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024630",
            "to_ids": false,
            "type": "text",
            "uuid": "09a03757-23e8-43ae-9a0b-1608796a8258",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:37/69\nFirst Submission:2025-05-05T08:36:37.000000+00:00\nLast Submission:2025-05-05T08:36:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030750",
        "uuid": "73b428a8-fb9f-4254-9360-64125a75b2ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030750",
            "to_ids": true,
            "type": "md5",
            "uuid": "3ea3f261-ca76-4bc7-bda8-65c244cd21d4",
            "value": "721ec011d75fea67ce9cb2796412651e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028000",
            "to_ids": true,
            "type": "sha1",
            "uuid": "df15549e-12ba-4071-ac71-302c80404a53",
            "value": "845ae4cd37f84dfcc052d6647115a7952d0f9702",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028001",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e474b25-e646-4680-990e-a5b2fb3a4442",
            "value": "3b58fd0c0ef8a42226be4d26a64235da059986ec7f5990d5c50d47b7a6cfadcd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024652",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9d53d70c-8896-4539-9232-d7b845df48fb",
            "value": "98304:W8G/sxmr7aS19hAaSZG56VPJiOogLt66g9OH7S/hFhu2O04jTChh02ijUIn8J9L:Wtr7aSVU66om7S/vOnGhhRioIn8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024652",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "19c40240-deca-4835-adfd-361875806e70",
            "value": "17804144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024652",
            "to_ids": true,
            "type": "vhash",
            "uuid": "deda1752-1050-40e6-a46b-a5a60f7fb925",
            "value": "117066655d7565155az5d=z3b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024652",
            "to_ids": true,
            "type": "filename",
            "uuid": "453bdc96-7eb5-4b1d-9dbe-076431b8341e",
            "value": "userenv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024652",
            "to_ids": false,
            "type": "text",
            "uuid": "0c21672c-f6f2-4d33-a7d3-2cd6a8e08a3d",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVE!MTB\nVT Total Detection:26/72\nFirst Submission:2025-07-15T13:04:58.000000+00:00\nLast Submission:2025-07-15T13:04:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030771",
        "uuid": "c11bd94a-7f5e-4750-87ad-99b8a514dc88",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030771",
            "to_ids": true,
            "type": "md5",
            "uuid": "2400178e-4216-4172-b92d-e792ca0b43f2",
            "value": "0c6f48c62d56b454ebc0e1b7e044ca69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028002",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bdc2546e-8fcb-4675-9fd7-87e2aba1db65",
            "value": "037ba18395f80d7ff481f95412a3367d8553233b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028002",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8bc7cd8f-a1f8-4d1e-9cb6-9a4ae60f2acc",
            "value": "c22b12d8b1e21468ed5d163efbf7fee306e357053d454e1683ddc3fe14d25db5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024696",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2809bba6-5ad8-4601-b9c8-d6c87e67e216",
            "value": "24576:FnjzpucozWOO3EZKw9doaU3i491CioFRWxY:Fnvo5td491BoIY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024696",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4d10bbd2-72b0-43f9-8b49-45548422ea08",
            "value": "1508352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024696",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3d1f466e-9678-4f4f-b0f1-2b60cc9ee2b8",
            "value": "116066655d1555155az5enz1dz6a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024696",
            "to_ids": true,
            "type": "filename",
            "uuid": "d8135f33-bc49-4ec8-9784-84228c3f0c2f",
            "value": "examine.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024696",
            "to_ids": false,
            "type": "text",
            "uuid": "6485f208-fca9-444e-8a6a-541750fe279f",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:44/72\nFirst Submission:2024-07-11T21:34:38.000000+00:00\nLast Submission:2024-07-11T21:34:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030794",
        "uuid": "86745bf2-5c52-4e64-9070-8eed876c6d71",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030794",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfbc81a8-e761-4a6c-90f6-e6396a26bde3",
            "value": "097447c4b526f8a42e3144afe510ec20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028003",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a3ee5bc9-8754-49e7-a421-0cd35e911200",
            "value": "ed5f66bbb5967131d069ea70fbeed8ad233f7f99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028003",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a2a4eaaa-9fba-445f-bbcd-f879fb8713cc",
            "value": "cf0c50670102e7fc6499e8d912ce1f5bd389fad5358d5cae53884593c337ac2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024718",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dbc1e0eb-40b6-49ec-b265-4a01dacf9ae3",
            "value": "98304:8e1WIhkeuYVaKRk7SJjUDfFcKHvJpEdR2p+1u64QO4ulomeU27by5RPQrGh4uccV:FzLq7SlgfzHkc64Qko2UbUZH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024718",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "20e07226-c720-4ad0-a26d-a9132e67ff5d",
            "value": "9905736"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024718",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3e4dbf32-46c7-454d-ae09-8e6a884dfc76",
            "value": "096066655d7565155az5b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024718",
            "to_ids": true,
            "type": "filename",
            "uuid": "351875d8-a1e3-40b5-a2f3-afbf1faebbbe",
            "value": "Rheinmetall.survey.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024718",
            "to_ids": false,
            "type": "text",
            "uuid": "2cff298c-de00-4a8b-9c04-88231f9e367a",
            "value": "IoCs related to APT35\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Nimbus.GVB!MTB\nVT Total Detection:44/72\nFirst Submission:2025-07-08T09:20:24.000000+00:00\nLast Submission:2025-07-08T09:20:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030815",
        "uuid": "4eea1c30-20b9-450f-826f-74d5804e1857",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030815",
            "to_ids": true,
            "type": "md5",
            "uuid": "e5fc41b4-6b02-4422-b2ff-e74a217c2590",
            "value": "b319d8972115895f156807348fa9b45f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028005",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3b9fb9f7-4eea-4397-a511-f1ff84a293b9",
            "value": "41dfa13a9ea89d13da3a692795d00973724a2fab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028005",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a1413f2d-79d4-4e00-addb-2156b7ef4a70",
            "value": "1b629042b5f08b7460975b5ecabc5b195fcbdf76ea50416f512a3ae7a677614a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024741",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4570f61a-a048-4082-bbb1-7f566e6b5497",
            "value": "98304:6ai4+caxCg2yIF6n7X6AopGmTE9uJKhF/UBEMN+T6enuKD1bPbyfURRxy2R7eZ4n:63fkg2zk7XZopGiJyIj+Tl5bycfHI/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024741",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "29063211-8cea-417c-8c15-71c4dfba6ae6",
            "value": "6427648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024741",
            "to_ids": true,
            "type": "vhash",
            "uuid": "834ac950-bdb6-4544-9a27-0cc2b074b1e7",
            "value": "166066656d7565155az5d&za40"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024741",
            "to_ids": true,
            "type": "filename",
            "uuid": "93e59fe7-561e-4c12-9e62-abbc3940b4a1",
            "value": "unbcl.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024741",
            "to_ids": false,
            "type": "text",
            "uuid": "4edf548a-8edf-472b-b59a-cc61b879a48f",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:42/72\nFirst Submission:2025-05-05T08:38:02.000000+00:00\nLast Submission:2025-05-05T08:38:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030836",
        "uuid": "720c134b-cc49-4683-b06f-afd3ab70a96d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030836",
            "to_ids": true,
            "type": "md5",
            "uuid": "555b68f3-ccb4-4667-a9b8-8130d15c9ee3",
            "value": "7d216c57da81193a45c67c323d4049c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028007",
            "to_ids": true,
            "type": "sha1",
            "uuid": "473d9dad-dd11-49be-a1f5-63893530490c",
            "value": "c1ecaadde03b80cc6722f0b6ff289fdedd594abc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d1a98eb9-c5fd-4dd2-9424-7deaea98293f",
            "value": "41d60b7090607e0d4048a3317b45ec7af637d27e5c3e6e89ea8bdcad62c15bf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024764",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aeaa6e79-214b-4586-b547-be9b56742f7f",
            "value": "98304:HG9nwXO0q4PZYeww1kZZywI4GJw3a+ck8++o17+7:ikO0HPZYev1kXywI4Gq+o17s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024764",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fe7d1c93-1a96-44bf-84e6-f8fcaf3cbc78",
            "value": "4387202"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024764",
            "to_ids": true,
            "type": "vhash",
            "uuid": "38911b99-aa37-42d6-a880-ce34e306189a",
            "value": "9eb6861ff7d2b06e083d0d8312f2cd01"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024764",
            "to_ids": true,
            "type": "filename",
            "uuid": "bc3c73fc-5f5f-49ee-a01b-29ac291cf169",
            "value": "IMG_0411.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024764",
            "to_ids": false,
            "type": "text",
            "uuid": "a075ea4a-4983-4941-8fc5-47148eb0eb89",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:36/69\nFirst Submission:2025-05-14T08:17:10.000000+00:00\nLast Submission:2025-05-14T08:17:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030858",
        "uuid": "f7f7c839-b533-4436-861e-7c38208f43b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030858",
            "to_ids": true,
            "type": "md5",
            "uuid": "ffb89b92-e829-499e-a40b-796d599b4bb2",
            "value": "fac805be171884ddbd1396f6a59c90eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028008",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4c63bc15-dadb-4603-8039-1a77ce93d989",
            "value": "744390c471b9fe24831983ae7a23e9dd163e638a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028009",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b6a10274-f1a1-41dd-8db4-39f7ad994671",
            "value": "e77b7ec4ace252d37956d6a68663692e6bde90cdbbb07c1b8990bfaa311ecfb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024808",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "06dbbeab-f8a1-490d-b352-9080159e6dff",
            "value": "98304:j91ajbHsDpA4n79Xq9j6DdhfybkdLOwxnSBIVQ:J1ajbMa4n79a9mDdNybkgQnSGV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024808",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "11c58b62-13bc-4eae-8da9-e9d3d40f936d",
            "value": "7782912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024808",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9e8b05ec-465a-4e0c-8505-efea6d10f4ff",
            "value": "176056655d75655az5e=z45"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024808",
            "to_ids": true,
            "type": "filename",
            "uuid": "6d67a17b-c720-48ec-a5f6-fdafb30e5ffb",
            "value": "wts.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024808",
            "to_ids": false,
            "type": "text",
            "uuid": "1cc28e1e-25f6-4f7a-8b8b-cce75fdaeaa1",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:40/72\nFirst Submission:2025-03-05T15:37:12.000000+00:00\nLast Submission:2025-03-05T15:37:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030879",
        "uuid": "a2a1462e-c827-49f5-80be-0b2561f03b47",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030879",
            "to_ids": true,
            "type": "md5",
            "uuid": "a87af6db-35a4-49c0-a2e5-3a1c140544e2",
            "value": "776677256087a5a0f543a6b6317cadf8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028010",
            "to_ids": true,
            "type": "sha1",
            "uuid": "931f62d3-104a-4088-8208-c60e8ab89145",
            "value": "3515136a3c4b307c8249215143cfb958c9aaf490",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028010",
            "to_ids": true,
            "type": "sha256",
            "uuid": "49264bdd-b16c-4fca-9963-aeec45c556c4",
            "value": "5985bf904c546c2474cbf94d6d6b2a18a4c82a1407c23a5a5eca3cd828f03826",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024831",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b7aca873-044a-40a5-8c9e-d635043d1a7c",
            "value": "6144:sLDOuBA6AdkRpHAsSn3vm3J0KrNkwaM+lLjkr5LqMGUISMRf0aWCZne:sXOuBA6AdKR0qG6WM+ldBWEe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024831",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0cb50094-a259-4c23-925b-f7e0db96df59",
            "value": "386048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024831",
            "to_ids": true,
            "type": "vhash",
            "uuid": "51231c8f-5acc-4b5e-9b43-87c3b8614a27",
            "value": "135066655d155d055az51=z23"
          },
          {
            "category": "Payload delivery",
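            "comment": "Note: iumbase.dll is also the name of a legitimate Windows system DLL; a filename-only match is not an indicator, confirm against the hashes in this object.",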
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024831",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a4e4956-71dd-4843-889e-dbad6ade0c0c",
            "value": "iumbase.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024831",
            "to_ids": false,
            "type": "text",
            "uuid": "16f1bd0b-17cf-421d-a629-c95ba990ec97",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win64/CandleStone.C!dha\nVT Total Detection:24/71\nFirst Submission:2025-06-12T09:40:31.000000+00:00\nLast Submission:2025-07-09T05:44:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030900",
        "uuid": "057431a6-5cfa-4942-88fa-e8fcf3158334",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030900",
            "to_ids": true,
            "type": "md5",
            "uuid": "016612c9-acad-489d-856c-2a5aac429d54",
            "value": "1baeff23794e47eb5c927c0303b7cd92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028012",
            "to_ids": true,
            "type": "sha1",
            "uuid": "18f6865d-85ad-49d5-b9e6-6c5fdabf4422",
            "value": "6b83c47142a49001e51123bfc6de8f9db32d5729",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028012",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa6ae0ca-d6a5-465e-ab0a-271353768a2c",
            "value": "53ff76014f650b3180bc87a23d40dc861a005f47a6977cb2fba8907259c3cf7a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024853",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5dee0a33-9e1c-4041-be68-2f2755407156",
            "value": "196608:ztNuFrW1XEeDhcueYTmHLJ3Rt06K9sDyg/fZg:zt1hT+LpELCyQZg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024853",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2acbdb70-7a7a-4935-9ff6-a11cd0582032",
            "value": "9777016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024853",
            "to_ids": true,
            "type": "vhash",
            "uuid": "35a2b3c6-ba18-40f6-a3db-54562ab2089a",
            "value": "196066655d7565155az5d=z3b"
          },
          {
            "category": "Payload delivery",
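            "comment": "Note: userenv.dll is also the name of a legitimate Windows system DLL; a filename-only match is not an indicator, confirm against the hashes in this object.",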
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024853",
            "to_ids": true,
            "type": "filename",
            "uuid": "f722a946-99b3-4c62-b102-1c03a8265289",
            "value": "userenv.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024853",
            "to_ids": false,
            "type": "text",
            "uuid": "6c36e85e-2f9f-4b5b-886a-599554a409c5",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:33/72\nFirst Submission:2025-07-30T13:45:04.000000+00:00\nLast Submission:2026-01-19T13:37:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030922",
        "uuid": "b93ee943-b82b-45a0-9549-a4bc2cc63480",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030922",
            "to_ids": true,
            "type": "md5",
            "uuid": "6df3f7ea-a29b-42b2-8aed-fe26e660b42a",
            "value": "cef266a5ea7ba57abc576cbeb5497c97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028014",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2e021494-ccce-45aa-8634-462b3ba6b566",
            "value": "bdeb5634d8d1eb1c1c870672ab9eb1f8411c25d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028014",
            "to_ids": true,
            "type": "sha256",
            "uuid": "52dcf724-62f6-4988-bd43-14fb6baaa427",
            "value": "a37d36ade863966fb8520ea819b1fd580bc13314fac6e73cb62f74192021dab9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024897",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ddd8df40-e91f-43ad-b21b-2048441641c3",
            "value": "98304:bw3crsgAxAC+pUBvXL+5U+4wzG3+H7/W+rZo1hIz1DoyP:wIsgAyC+yBvXL+5Z4w7Zoez1Z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024897",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "559a3b67-a6e1-4018-b655-83ca7ac40252",
            "value": "4272392"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024897",
            "to_ids": true,
            "type": "vhash",
            "uuid": "abdf76eb-8f2e-4c99-b9e2-262f67c47490",
            "value": "c1a51f211e07187ef38ee0558225ae04"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024897",
            "to_ids": true,
            "type": "filename",
            "uuid": "9d3e5577-06fb-48ef-a681-9d439aaacb6f",
            "value": "content.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024897",
            "to_ids": false,
            "type": "text",
            "uuid": "a41d77a6-01f0-4896-82de-6cfb915cbe35",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:37/69\nFirst Submission:2025-07-08T09:19:58.000000+00:00\nLast Submission:2025-07-08T09:19:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030943",
        "uuid": "381cfbbf-7a85-4bfe-b9e2-72cb8b0fba00",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030943",
            "to_ids": true,
            "type": "md5",
            "uuid": "768ec76a-5f56-4a90-a977-45703d7f426b",
            "value": "b19a097c237d594a85986881f69f127d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028015",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4e0a90ea-f93a-4c5b-bf3f-10b49566c981",
            "value": "2910168bdc05fb8279ae8eddb396144980d1d47d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028016",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f816f3f9-15e3-4e6f-8b91-c3ddce3fd18c",
            "value": "5d832f1da0c7e07927dcf72d6a6f011bfc7737dc34f39c561d1457af83e04e70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024920",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a2dad37-a309-4653-a287-ea70b308f89f",
            "value": "98304:XTFMGCUII89J56eNn4uBd++4HFtAeZE2lWJaoeEnMc8/NndcwxDp:X5MGCU98xZN4uBs9kSWHeEMcwNndzxN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024920",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "36999b2e-ec7b-4877-b2cc-d1f46ff93695",
            "value": "4605116"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024920",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ce16992b-f875-4852-b8f8-b5a0ba41bb54",
            "value": "28a53f081921f06334c7b29da0848647"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024920",
            "to_ids": true,
            "type": "filename",
            "uuid": "9c8659f9-8e57-459b-b374-f94a39bc484d",
            "value": "airbus-survey-portal (1).zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024920",
            "to_ids": false,
            "type": "text",
            "uuid": "831daaf6-7e60-4a15-ad71-e7000626ac2a",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:35/69\nFirst Submission:2025-07-21T10:47:34.000000+00:00\nLast Submission:2025-07-21T10:48:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030965",
        "uuid": "75c4635a-859b-4fb2-a0ee-5397e39a5da5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030965",
            "to_ids": true,
            "type": "md5",
            "uuid": "0364ed02-89c7-4944-91e5-e5e0ea26720e",
            "value": "3a85381dd880c69f40b02859cd9fd473",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028017",
            "to_ids": true,
            "type": "sha1",
            "uuid": "05529bb2-c4df-493b-ba62-61ec85641b21",
            "value": "6d66923725e711023d12ac092e5a961f52add6c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028017",
            "to_ids": true,
            "type": "sha256",
            "uuid": "01497b41-b4cf-4fdd-bb09-86f9e416afa9",
            "value": "b43487153219d960b585c5e3ea5bb38f6ea04ec9830cca183eb39ccc95d15793",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024964",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c02857f4-aa19-494a-9e3e-e897767ec099",
            "value": "49152:PqR2YPZtiebIVjgFvDLDr6gsHPs0oFdCiMjgc8Y8cJ6qpxUL:S73iekVjgRPDrNxdCiMjgs8m62w"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024964",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c6094aa-62a6-487f-af99-42f1499aa139",
            "value": "4225024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024964",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2e5dd4bf-afc3-4658-9203-b1c4c3b478a3",
            "value": "146066655d6565155az58=z1a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024964",
            "to_ids": true,
            "type": "filename",
            "uuid": "1862c253-dde5-42e7-971b-b65685a62f0f",
            "value": "cabinet.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024964",
            "to_ids": false,
            "type": "text",
            "uuid": "0cf52df3-cdaf-4593-b697-903998afa2cc",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:30/72\nFirst Submission:2025-05-05T08:38:02.000000+00:00\nLast Submission:2025-11-04T14:08:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774030986",
        "uuid": "4452d145-2789-4507-958c-e96db83d54ac",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774030986",
            "to_ids": true,
            "type": "md5",
            "uuid": "af20deaf-2b1d-4587-a01c-9161b4bf4b92",
            "value": "53d0f4a75e8acbb6255bb44242e4843f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028019",
            "to_ids": true,
            "type": "sha1",
            "uuid": "96bf53ca-856c-4653-8fef-2713c7bb8050",
            "value": "d84a9f9ad37561f870eb3375a7b324dd4b591b91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028019",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f98a764b-e157-4743-8d2c-c3886a5ef58a",
            "value": "23c0b4f1733284934c071df2bf953a1a894bb77c84cff71d9bfcf80ce3dc4c16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774024986",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff6550c2-3942-4f9c-b8b2-c685346afd9b",
            "value": "98304:IrlyD+mMcM12wW3fM+MGen9n3efGNtHw8iaFVTU:eU+mMcMbWU+MGen9n3eONZ1FVo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774024986",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2f81e827-b1eb-48a0-92de-38df9037ab8b",
            "value": "3765974"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774024986",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7c1b15b3-b7dc-428c-b959-ee40dff99307",
            "value": "28a53f081921f06334c7b29da0848647"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774024986",
            "to_ids": true,
            "type": "filename",
            "uuid": "ded2a141-b54b-4af3-9fa3-6e24b3e22824",
            "value": "HR Portal.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774024986",
            "to_ids": false,
            "type": "text",
            "uuid": "21e6673d-0c43-4676-b182-89577d226243",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:37/69\nFirst Submission:2025-07-30T13:44:45.000000+00:00\nLast Submission:2025-07-30T13:44:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031008",
        "uuid": "30cd1948-bce3-4a4d-b062-019cfa804156",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031008",
            "to_ids": true,
            "type": "md5",
            "uuid": "fd1e146e-4577-4090-afa5-70ed0e690474",
            "value": "c4b95c1ba3671c5172e7eb01178a7c39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028021",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6a24eb56-7969-4a34-bc1d-b81190ec561d",
            "value": "e812a52b63a45f6862bde5b65b2bdbea04de84b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028021",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b8222cfe-6939-446a-a682-8f98d39838a3",
            "value": "0b2c137ef9087cb4635e110f8e12bb0ed43b6d6e30c62d1f880db20778b73c9a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025030",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bdedda89-3777-4660-a736-30a25052e979",
            "value": "12288:6NeTu1SoGPzZva13Bt10Rytj/2+hzt8uPzDY8wjgokp9WxA0JkeETsy7kEbQ:U1WVi3Vb2+hztXzDhnoknWx7KThbQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025030",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2166748a-5d07-45e4-a91e-10e28fee0242",
            "value": "723187"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025030",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4f26df84-9507-40e2-9abc-da0a340bc427",
            "value": "13e847c5093515e7b42e209c27034385"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025030",
            "to_ids": false,
            "type": "text",
            "uuid": "262ec232-fb0a-4920-b0c3-8152c951a8ae",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:36/69\nFirst Submission:2024-10-04T07:12:55.000000+00:00\nLast Submission:2024-10-04T07:12:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031029",
        "uuid": "7228b14b-88ec-4127-aaac-81de55651e99",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031029",
            "to_ids": true,
            "type": "md5",
            "uuid": "650b4f3f-b3ad-4d76-90f8-a265cfe74280",
            "value": "20e80c787e129ec11de9accdd0ae4611",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028023",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4bb8aaee-48be-4e93-abc2-d98fb7590d35",
            "value": "d5a9b90ee4584ed5c60914f3978a6c49671de912",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028023",
            "to_ids": true,
            "type": "sha256",
            "uuid": "488d7393-ac9d-458a-86c2-77fdbadc6bd2",
            "value": "4260328c81e13a65a081be30958d94b945fea6f2a483d051c52537798b100c69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025053",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "050fd516-36c4-4122-99f7-0f3206fe745f",
            "value": "98304:RNTWZqZ7XQkto/bCeFCrzgQf12R7EhrO+r:RxWZqZ7gSlgQfAR8rO+r"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025053",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "43a6133d-a56f-4b75-a77d-3424650c0042",
            "value": "4500111"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025053",
            "to_ids": true,
            "type": "vhash",
            "uuid": "30c0c49d-0dd6-417e-935d-340081c67771",
            "value": "ca6293c69670eac81ff8f17cb1c5a506"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025053",
            "to_ids": true,
            "type": "filename",
            "uuid": "807f0a84-61f2-460b-ad47-a788d2706954",
            "value": "4260328c81e13a65a081be30958d94b945fea6f2a483d051c52537798b100c69.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan: 05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025053",
            "to_ids": false,
            "type": "text",
            "uuid": "21e7d84c-e305-49ec-8b21-37099262df0b",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:35/69\nFirst Submission:2025-06-26T05:52:51.000000+00:00\nLast Submission:2025-09-11T23:30:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031053",
        "uuid": "a7b1f0dd-e6d2-4cd4-92ec-66e5766da5df",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031053",
            "to_ids": true,
            "type": "md5",
            "uuid": "e6ab3af6-569e-41ab-8a66-76b3e16d1f13",
            "value": "0c76c41dfe6989ba042e27755e2b68f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028024",
            "to_ids": true,
            "type": "sha1",
            "uuid": "50b80609-2dd0-4e0a-871a-083e26410921",
            "value": "edda7fb72a1302a5658ee279ddf90e0e32779310",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028025",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7599e52c-9bc8-414f-8d1b-e61b7b9606e2",
            "value": "b405ae67c4ad4704c2ae33b2cf60f5b0ccdaff65c2ec44f5913664805d446c9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025076",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9db6a2e7-764c-4fe4-91c7-201aabd50996",
            "value": "6144:lL06VMaHfLeMRZCaALAjSKauP5HpUVi+EZfgwJLYTSg2TCN/E8Lp/Oo:Z062+fjZdAMWKrJUvEZYwVYTATC5E8Jr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025076",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "03a309fc-b3c0-4aaa-ba42-d710e17c63c2",
            "value": "335741"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025076",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c8643117-f284-4497-ad1e-c61124085908",
            "value": "50a8d41f8169263b65ed33c016062cf4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025076",
            "to_ids": true,
            "type": "filename",
            "uuid": "a01da882-62fe-4a1f-9625-3ef5efcbfa05",
            "value": "_b405ae67c4ad4704c2ae33b2cf60f5b0ccdaff65c2ec44f5913664805d446c9b.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan: 05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025076",
            "to_ids": false,
            "type": "text",
            "uuid": "b96bd053-cbe2-4c55-b492-34e585cd349e",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:39/69\nFirst Submission:2025-07-29T14:09:37.000000+00:00\nLast Submission:2025-08-08T19:07:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031075",
        "uuid": "0ddcdfc2-4f46-4b98-b364-87e0d1535955",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031075",
            "to_ids": true,
            "type": "md5",
            "uuid": "fcf20d4f-4971-4fc7-b23f-65d40d2427ef",
            "value": "b683628884cc1d00c234ea2f4b85d153",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028026",
            "to_ids": true,
            "type": "sha1",
            "uuid": "68087c8d-b972-4f2c-aabb-194e9af9a4a5",
            "value": "75a60296945a84d0952df5d1d07b21d90c5eb088",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028026",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5377368c-f314-4332-835c-f2737b9659c2",
            "value": "061c28a9cf06c9f338655a520d13d9b0373ba9826a2759f989985713b5a4ba2b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025120",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "525fb30e-f465-4c2c-941d-12576fcb7f89",
            "value": "12288:gK7XvhkXM+VOrUoTBIaEdhOJJAvx8BBddKHm3kpoRhi0wB88h+vek9qgS3qGUaxA:D5kDVZoTmaDtD4vuZyJWJxb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025120",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1c633bc3-41fa-49dd-84f2-2f734d8c659a",
            "value": "1270272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025120",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c52c3f8d-96b4-4036-b549-eab330233913",
            "value": "116066655d1555155az58?z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025120",
            "to_ids": true,
            "type": "filename",
            "uuid": "6192cf32-291c-494e-8cea-fcaceb556d7d",
            "value": "manifest.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan: 05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025120",
            "to_ids": false,
            "type": "text",
            "uuid": "aea5820e-9177-4f7b-bebc-6e2bd97d71e6",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVH!MTB\nVT Total Detection:41/72\nFirst Submission:2024-10-03T13:10:56.000000+00:00\nLast Submission:2024-10-04T07:20:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031096",
        "uuid": "b0f8ff9a-c1bf-43a1-8217-2fe0753b4bd8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031096",
            "to_ids": true,
            "type": "md5",
            "uuid": "7f8c6334-402a-4451-ad67-de73c789b2ac",
            "value": "1965a61d6f96b7bb221564ad52ba9719",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028028",
            "to_ids": true,
            "type": "sha1",
            "uuid": "574d0d9a-b850-495e-b223-814a53fda415",
            "value": "0ffecfb8f6fe484b00ba3a185a3466841ecb9015",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028028",
            "to_ids": true,
            "type": "sha256",
            "uuid": "391717cb-0d3f-42a8-b9d3-72a97cc2b692",
            "value": "3b4667af3a3e6ed905ae73683ee78d2c608a00e566ae446003da47947320097f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025149",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "937bf44b-f153-4146-b939-9cf2fc810c9e",
            "value": "98304:VO6UTZuhjw88yP4KxssUyBuk7guo1Fimi4r+NX6waLSC3zv+dR6ntBpqXkdfu:VZUTZYDNHuk7gemF+B6wYJqi6kdfu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025149",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd94d7a1-186e-4ec2-acd8-276e23f01f2a",
            "value": "6457680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025149",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c57047f6-6338-49c5-809c-916fbfa452c8",
            "value": "166066656d7565155az5f&za40"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025149",
            "to_ids": true,
            "type": "filename",
            "uuid": "89d34440-42cd-412a-8d05-952425d1b3d2",
            "value": "unbcl.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan: 05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025149",
            "to_ids": false,
            "type": "text",
            "uuid": "e695a50c-c4fa-4693-9242-955a0dac14dc",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVI!MTB\nVT Total Detection:30/72\nFirst Submission:2025-06-12T15:07:18.000000+00:00\nLast Submission:2025-06-12T21:43:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031117",
        "uuid": "566dffb6-eb98-47ac-b83b-90550a3eea1f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031117",
            "to_ids": true,
            "type": "md5",
            "uuid": "75a64fa9-04d3-4127-87a8-f4fbc466180c",
            "value": "68abbdd75f82a22e3cf6200e13a664b3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028030",
            "to_ids": true,
            "type": "sha1",
            "uuid": "17292524-6b9a-4e1e-8c76-6e497756709e",
            "value": "9df7c1e7cff0da299c17459fce7fff1196ca2e4e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028030",
            "to_ids": true,
            "type": "sha256",
            "uuid": "668351e4-24ed-4d08-b276-c9ef76a71ae3",
            "value": "afe679de1a84301048ce1313a057af456e7ee055519b3693654bbb7312083876",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025171",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a87126af-c28c-4143-89ca-1c85bccbc9e8",
            "value": "98304:49Cg8JRcAx03+nvaj+T0gcrAChw9r82kEIa/tEFvUO95HYBb2n8e5kOlZS3/32w9:49Cg8zd8EIG4vUzMkOlQ3/hd1a+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025171",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e41219dc-b0bb-4e83-b128-d084a228700e",
            "value": "7106896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025171",
            "to_ids": true,
            "type": "vhash",
            "uuid": "de3fe17e-33cf-4ae8-9806-e89ba02ac88c",
            "value": "176066655d7565155az69?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025171",
            "to_ids": true,
            "type": "filename",
            "uuid": "d5d99cd3-487e-4b5c-b1de-c53e8034c873",
            "value": "wm.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan: 05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025171",
            "to_ids": false,
            "type": "text",
            "uuid": "7293414f-02ed-4d42-9a1f-757d10481be7",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVI!MTB\nVT Total Detection:38/72\nFirst Submission:2025-06-04T21:02:18.000000+00:00\nLast Submission:2025-06-17T12:12:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031139",
        "uuid": "3c5558d0-10db-4cff-8aed-5ea0a9af4c57",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031139",
            "to_ids": true,
            "type": "md5",
            "uuid": "3c35e6c0-6b7b-4a6c-ab41-099f56c9c187",
            "value": "be2bd408c615997c600871970573f023",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028031",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb6be768-6481-4a0c-a795-e6ddb652baf8",
            "value": "d67a8fc7af7113d147f049a9b8c430f3563e984d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028031",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0d807e08-f498-4999-a990-02607d2a0647",
            "value": "4da158293f93db27906e364a33e5adf8de07a97edaba052d4a9c1c3c3a7f234d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025220",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "27b31898-c6c1-4b76-b927-028a60126f2c",
            "value": "12288:QDjIlxJfHycCMEHP/LxG7BxKM0ifpxLNRY0OJjBBA9PMC6M7Afisl1vdg0eo3i:eIlxaUMfisl11g0ej"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025220",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9d3293bc-1534-47ec-bdef-ec254f0c1adf",
            "value": "573440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025220",
            "to_ids": true,
            "type": "vhash",
            "uuid": "954fd9e4-c964-44cc-8d87-57fe5670030a",
            "value": "155076655d155515555az5a=z6a"
          },
          {
            "category": "Payload delivery",
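            "comment": "Filename is shared with a legitimate Windows system DLL; use the hashes in this object for detection and do not alert on the name alone.",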
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025220",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd7db826-5f63-46b9-abbf-d7f4c5c36019",
            "value": "sspicli.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025220",
            "to_ids": false,
            "type": "text",
            "uuid": "13862108-aa19-44da-8c1d-23ea1594d8c5",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Mikey.MCJ!MTB\nVT Total Detection:46/72\nFirst Submission:2024-09-05T11:33:24.000000+00:00\nLast Submission:2024-09-09T06:57:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031160",
        "uuid": "3a1d2dd2-61d4-4c45-a94a-a6e427e4fdfb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031160",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc505d78-40e6-4cd7-8c2e-d4f91843f9cf",
            "value": "be556a0d7d75524acc5518482e43ed9a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028032",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ee7c651a-ecff-441e-bf3f-e7aa0f948f80",
            "value": "ceeb1881458dc24340adcfee54be3433b8df9d00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028033",
            "to_ids": true,
            "type": "sha256",
            "uuid": "49ecefe0-0716-4ec2-b94e-d635af210d5e",
            "value": "f54fccb26a6f65de0d0e09324c84e8d85e7549d4d04e0aa81e4c7b1ae2f3c0f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025242",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6d55759a-45ba-46b1-9fd4-f0be35fd522a",
            "value": "196608:QKDM8zg/eZn7YHJfggwE48gb/+ow0wp4POXx3yUknfirjLPZ:RM8c/eMy/Dw0wWW0nSLPZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025242",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d2147781-50b0-45c8-9aba-f919ebbe5938",
            "value": "28699512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025242",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d2ec9840-c37d-4c9b-93f5-d1065248a61b",
            "value": "127066655d7565155az5e=ze0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025242",
            "to_ids": true,
            "type": "filename",
            "uuid": "50f09b75-47b5-4627-affe-a96004e7b963",
            "value": "xnfeu.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025242",
            "to_ids": false,
            "type": "text",
            "uuid": "33dc4ddd-3676-4a6c-b8cf-43b3a2125fce",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Detplock\nVT Total Detection:39/72\nFirst Submission:2025-09-09T11:59:58.000000+00:00\nLast Submission:2025-09-09T11:59:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031182",
        "uuid": "10ffc636-043d-414b-93b2-00c9fa08f5c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031182",
            "to_ids": true,
            "type": "md5",
            "uuid": "fe09ed8f-abe9-42b9-bbd0-eb2f6f8db0a3",
            "value": "e5f0aea43ac33bf19a78c1a600f690d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028034",
            "to_ids": true,
            "type": "sha1",
            "uuid": "05dea6de-c879-463e-a205-9e46caa33da1",
            "value": "78f12a684aac664b017682915bec1490bfa304e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028034",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1844e8b-108c-4264-879e-55f75f49b703",
            "value": "8e7771ed1126b79c9a6a1093b2598282221cad8524c061943185272fbe58142d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025265",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d2a6fb51-2302-403f-8e50-04249c49b8f9",
            "value": "196608:lW7ZplwFrOLiGo6J18jDKZ1lbcFqyTCogKAq:lW7Zn0qPog18jDKRYQ9oFAq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025265",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "570408db-b146-4c5c-95cc-53728befe1a2",
            "value": "7976963"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025265",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02e4655a-136f-40f7-b6b6-9d929915ad5a",
            "value": "5639319abcc8111c33e4b0fafe028d69"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025265",
            "to_ids": true,
            "type": "filename",
            "uuid": "babeb5aa-b184-4562-8152-456f756b2126",
            "value": "feu91.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025265",
            "to_ids": false,
            "type": "text",
            "uuid": "a52a41e7-7e57-42d7-850a-08a459f781cf",
            "value": "IoCs related to APT35\r\nType Description: ZIP\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:40/69\nFirst Submission:2025-09-09T11:59:07.000000+00:00\nLast Submission:2025-10-01T22:43:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031203",
        "uuid": "094f5b57-fa38-445e-844e-9609237f70f4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031203",
            "to_ids": true,
            "type": "md5",
            "uuid": "d80dd118-3ef6-4d8f-8a51-f9c529370d08",
            "value": "e23637423599434a6de45b9080b7c561",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028035",
            "to_ids": true,
            "type": "sha1",
            "uuid": "598aeb60-7e1a-4783-bc12-ba995765b3d7",
            "value": "4ad8370951516dd311ebe7e024fdad3fd00e221e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028035",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b1ef71a9-d6d0-44de-a5ff-2a7da997f468",
            "value": "9ec7899729aac48481272d4b305cefffa7799dcdad88d02278ee14315a0a8cc1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025288",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "979a22d9-7a2a-4a2c-bdb1-d2460c9f6935",
            "value": "98304:7m1W59kCYkIUrcsPrCTaIfbj3Y7HGLiTny:7mMfkfNUrcCCTaIjjGHG6y"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025288",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5fad54e8-de6a-42cc-9c9d-34a90aa24416",
            "value": "3649360"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025288",
            "to_ids": true,
            "type": "vhash",
            "uuid": "46f1c639-a697-47b7-9c7d-5af18afcab0a",
            "value": "136066655d7555155az49=z1a"
          },
          {
            "category": "Payload delivery",
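            "comment": "Filename is shared with a legitimate Windows system DLL; use the hashes in this object for detection and do not alert on the name alone.",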
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025288",
            "to_ids": true,
            "type": "filename",
            "uuid": "96270ab9-8a5c-46e7-a1df-1f892a336205",
            "value": "Cabinet.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025288",
            "to_ids": false,
            "type": "text",
            "uuid": "434d61bf-ad13-4d1f-8e78-dfdb036829bd",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVI!MTB\nVT Total Detection:29/72\nFirst Submission:2025-06-12T09:42:11.000000+00:00\nLast Submission:2025-06-12T09:42:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031225",
        "uuid": "c813c804-8315-473d-8cf3-00a96bd53fd2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031225",
            "to_ids": true,
            "type": "md5",
            "uuid": "90d5aee8-734e-428a-ab4e-17d278a83241",
            "value": "96a9078d97a8b2a0cdc6632b48b8a649",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028037",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7beaa3dd-fc3b-4abc-b372-f83ce6ddfa50",
            "value": "64893ae79f18d6f2b67c7b1e83e57a8deb4e2f0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028037",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6b21b1b3-5b55-4288-8a77-4141c7b25c26",
            "value": "ffeacef025ef32ad092eea4761e4eec3c96d4ac46682a0ae15c9303b5c654e3e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025311",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4471000d-0e16-4111-848b-3f96e411c0a9",
            "value": "6144:z3u4siiBfKmBxuUIxpZ9TONUohO3M0eu:rZGd5KxpZwNUo3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025311",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9e64ac8-608b-41d9-b1f9-fc7815b03f17",
            "value": "294400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025311",
            "to_ids": true,
            "type": "vhash",
            "uuid": "41935cb0-e61d-4406-8093-0fae73887c42",
            "value": "125076655d155515555az5?z6a"
          },
          {
            "category": "Payload delivery",
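            "comment": "Filename is shared with a legitimate Windows system DLL; use the hashes in this object for detection and do not alert on the name alone.",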
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025311",
            "to_ids": true,
            "type": "filename",
            "uuid": "1a1d5865-aab8-4fa6-bdf1-d41528c6bff6",
            "value": "sspicli.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025311",
            "to_ids": false,
            "type": "text",
            "uuid": "581ebd44-6169-4842-9162-af7a2fd525e3",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVJ!MTB\nVT Total Detection:48/72\nFirst Submission:2024-07-11T21:33:40.000000+00:00\nLast Submission:2024-07-11T21:34:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031246",
        "uuid": "89d47ddd-ec36-4c12-9cfa-ffc70ef9e3ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031246",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb5db8a2-01f8-477e-82f6-ee028e7792c6",
            "value": "e16c8c285b1d537be5fe32e93247c282",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028039",
            "to_ids": true,
            "type": "sha1",
            "uuid": "26e24894-553f-473a-87d2-60b3c06aebb7",
            "value": "2901ce6828599186c8a91162c29038984c43adab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028039",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a14586ac-2fd3-4298-b426-9bd0323ece9f",
            "value": "954de96c7fcc84fb062ca1e68831ae5745cf091ef5fb2cb2622edf2358e749e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025333",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e44bd4f1-acbb-44a9-a21b-97a0e2dfc248",
            "value": "98304:8rVenJYrvj5kHzC8fXywlEpDutGCeRWu0SO5mEHnPxwdJjP4JU6tZtEbAf/PkJHJ:8r6fXyuEhdf1GV6tsl2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025333",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1b455cf7-7601-4aec-82b7-936a999dec67",
            "value": "9916488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025333",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5e1ac207-bfd4-4851-9d62-0535968b8c02",
            "value": "096066655d7565155az5b!z"
          },
          {
            "category": "Payload delivery",
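            "comment": "Analyst note: this value embeds the object's own MD5 plus the labels black-basta, cobalt-strike and vidar, so it looks like an auto-generated sample-submission label rather than an on-disk filename. The embedded labels do not match the APT35 attribution on the hashes. Review before relying on it for filename-based detection (to_ids is true).",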
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025333",
            "to_ids": true,
            "type": "filename",
            "uuid": "4635cc23-a579-4da7-9625-f99e217022d8",
            "value": "2025-06-29_e16c8c285b1d537be5fe32e93247c282_black-basta_cobalt-strike_vidar"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025333",
            "to_ids": false,
            "type": "text",
            "uuid": "19ccc4f5-d4d3-40ac-b828-521be83e9d92",
            "value": "IoCs related to APT35\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Nimbus.GVB!MTB\nVT Total Detection:44/72\nFirst Submission:2025-05-28T14:14:49.000000+00:00\nLast Submission:2025-09-11T22:05:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031272",
        "uuid": "bb9e619c-9afd-4873-b02f-93136a910f90",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031272",
            "to_ids": true,
            "type": "md5",
            "uuid": "b953ee38-f07c-4c32-8b0f-407c73bbc034",
            "value": "2dab429e52096fd9eb031fc666965a5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028041",
            "to_ids": true,
            "type": "sha1",
            "uuid": "98c17cbb-01ba-4509-b558-8554327ac817",
            "value": "daa59b1a6e4ae62bfa91722fc0b2c26799864834",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT35",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028041",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eb9ac3ff-888f-446a-ab31-eeb21182b660",
            "value": "bc9f2abce42141329b2ecd0bf5d63e329a657a0d7f33ccdf78b87cf4e172fbd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025398",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "83b2cc7f-c8c9-4456-b794-1a7ebb9e9263",
            "value": "12288:6YFBZMwF9dCFmSwMxwRpJ1qXi2sJFRqzH/oeokw:rF0wkFmQxwRUy2s5qzH/oec"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025398",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fea51b71-99b7-4963-bdd1-599451f2702e",
            "value": "637952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025398",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3139d1a6-ac32-4668-a852-5087ec5606a9",
            "value": "165066655d1555155az5!z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025398",
            "to_ids": true,
            "type": "filename",
            "uuid": "23b4b4a1-e49a-40ab-8a45-3f9730cec355",
            "value": "LockHostingFramework.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  05/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025398",
            "to_ids": false,
            "type": "text",
            "uuid": "e13219c2-a32a-405f-adbd-17cb93dcda53",
            "value": "IoCs related to APT35\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Nimbus.GVA!MTB\nVT Total Detection:42/72\nFirst Submission:2024-10-04T07:13:12.000000+00:00\nLast Submission:2024-10-06T11:34:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031294",
        "uuid": "62c49d69-ac30-4c37-a146-1353c2148063",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031294",
            "to_ids": true,
            "type": "md5",
            "uuid": "dca0a562-e64b-4d61-85d7-c39407c81e93",
            "value": "347b273df245f5e1fcbef32f5b836f1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028042",
            "to_ids": true,
            "type": "sha1",
            "uuid": "39f9fbd3-a603-4f3e-a9eb-a7cf881a6c8e",
            "value": "986b68167fb0fc3ffb3985451d431c861afaeba4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028042",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e9a3d02-7843-40c8-b139-b7ee9c25cd19",
            "value": "0e51029ba28243b0a6a071713c17357a8eb024aa4298d1ccc9e2c4ac8916df4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025421",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b18d1da7-c01e-444d-aba7-19ab8ea7be94",
            "value": "192:M3qE/N+TKKcO+BypNJ2AMaHP3HFqekZRO08hLsB2L/KuKM6VkPV9sV9M6VCV9k6:Up/N+PHP3Dc2TKu3dkaW6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025421",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9cfeae5b-f531-4154-a68f-5de026295d84",
            "value": "14650"
          },
          {
            "category": "Payload delivery",
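            "comment": "Analyst note: the value has no extension and matches a malware family name reported for APT42, so it is probably a sample label rather than an observed on-disk filename. Confirm before using it for filename matching (to_ids is true); the hashes in this object are the reliable indicators.",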
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025421",
            "to_ids": true,
            "type": "filename",
            "uuid": "d0ffbd16-6a44-4aed-a73e-0f7f82e8b54d",
            "value": "NICECURL"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025421",
            "to_ids": false,
            "type": "text",
            "uuid": "6e37b311-66a2-4056-9f04-9843bd244ce0",
            "value": "IoCs related to APT42\r\nType Description: VBA\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:39/62\nFirst Submission:2024-02-20T02:03:32.000000+00:00\nLast Submission:2025-06-17T07:04:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031316",
        "uuid": "039ba94e-cfa5-43b3-874d-9c6624b76a65",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031316",
            "to_ids": true,
            "type": "md5",
            "uuid": "855404bc-7a3a-438d-a822-d1772482af31",
            "value": "2ff97de7a16519b74113ea9137c6ba0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028044",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5713ceb8-311a-400c-87f4-72ee0d9bb68a",
            "value": "5def5e492435cfd423e51515925d17285b77cdbc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028044",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d345b603-2158-431a-a7bd-7c7d16149817",
            "value": "fe07dca68f288a4f6d7cbd34d79bb70bc309635876298d4fde33c25277e30bd2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025443",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "16f6dd70-e5c1-438c-a4b6-f5ee33c1a238",
            "value": "24576:XDOJwgb7bpJsYbPQ4LiGlKMA4DQpYkZWAT8mB+lEq2O5f5qmT:X4j9KYbPQ4uGfd06kZWi8my5f5z"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025443",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "313c936a-cb1b-4451-959a-a0cffdc930ae",
            "value": "1007440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025443",
            "to_ids": true,
            "type": "vhash",
            "uuid": "973ed205-a23b-4308-8bb0-906061e4a5c6",
            "value": "2160367515130010c2328204a"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025443",
            "to_ids": true,
            "type": "filename",
            "uuid": "679e831b-6c02-4d55-bb10-da53af1bf449",
            "value": "F5UPDATER.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025443",
            "to_ids": false,
            "type": "text",
            "uuid": "d73a908b-bb57-4438-abc5-dfdb44861aff",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Seheq!rfn\nVT Total Detection:37/71\nFirst Submission:2023-12-17T13:39:33.000000+00:00\nLast Submission:2023-12-17T13:39:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031337",
        "uuid": "d7b60e7d-5541-4836-aa07-ddaefc2be72a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031337",
            "to_ids": true,
            "type": "md5",
            "uuid": "5d1ea120-00b9-499b-832a-13ab9a027cab",
            "value": "d32f89a8a3dd360db3fa9b838163ffa0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028046",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7f8ce10-34ab-45b4-836e-b9e59d07f4fc",
            "value": "66fbe2b33e545062a1399a4962b9af4fbbd4b356",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028046",
            "to_ids": true,
            "type": "sha256",
            "uuid": "91e00149-707c-4429-89ba-2911d18a0520",
            "value": "96dec6e07229201a02f538310815c695cf6147c548ff1c6a0def2fe38f3dcbc8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025466",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7e47ecd2-6c80-4f66-91a6-71175ca7ec3f",
            "value": "24576:k9zVSJngbwPuO9YUxBNiHOWzHZSIlvJvOvgXUjLVQ:kP6awPuOOUxBNKzqvgj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025466",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4ffe4cea-714f-43ac-9f66-679c0db382ab",
            "value": "1202788"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025466",
            "to_ids": true,
            "type": "vhash",
            "uuid": "07f67e12-c496-4089-89a9-b582cf322650",
            "value": "d01f7183e74764186dfa4148f221bd3d"
          },
          {
            "category": "Payload delivery",
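            "comment": "Analyst note: generic archive name with a duplicate-download style suffix. Matching on the filename alone is likely to produce false positives; pair it with the hashes in this object before alerting (to_ids is true).",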
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025466",
            "to_ids": true,
            "type": "filename",
            "uuid": "c28f5644-d93a-4e26-a7db-20384c60881e",
            "value": "update (1).zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025466",
            "to_ids": false,
            "type": "text",
            "uuid": "061037df-547b-4350-a82d-ef5abe9950a3",
            "value": "IoCs related to APT42\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:32/68\nFirst Submission:2024-07-20T11:18:55.000000+00:00\nLast Submission:2025-11-13T06:21:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031359",
        "uuid": "8477e150-1307-4e84-a4b2-e0fb61f14363",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031359",
            "to_ids": true,
            "type": "md5",
            "uuid": "f81997b3-402e-4bf4-897a-579f424b17d9",
            "value": "853687659483d215309941dae391a68f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028047",
            "to_ids": true,
            "type": "sha1",
            "uuid": "719908f4-ffa4-4d17-b2a4-2d20d9e42e58",
            "value": "25005352eff725afc93214cac14f0aa8e58ca409",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028048",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f57da48-7428-494e-872d-7492cfb3e720",
            "value": "07384ab4488ea795affc923851e00ebc2ead3f01b57be6bf8358d7659e9ee407",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025489",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0c3c7ea4-e010-4af0-9107-87082894540f",
            "value": "192:3JTnAuR1Z3SvBoGZcPm48qoNFH1WSg8c6tT9sjQ5bBtxSVmhVl:9Ay5C6joX1WSoG3PoUl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025489",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f2243e98-a194-40fb-bb0e-ee00f8961a36",
            "value": "22134"
          },
          {
            "category": "Payload delivery",
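            "comment": "File name is the first 10 hex characters of this object's SHA-256 plus .vbs, presumably a repository-assigned name rather than the original delivery name; rely on the hashes in this object for detection.",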
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025489",
            "to_ids": true,
            "type": "filename",
            "uuid": "ab66013f-0e8c-4802-a52f-5c32b8073268",
            "value": "07384ab448.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025489",
            "to_ids": false,
            "type": "text",
            "uuid": "c627d8c0-7b90-4326-ae8e-cad30c4f3b0d",
            "value": "IoCs related to APT42\r\nType Description: VBA\nMicrosoft: Trojan:VBS/Malgent!MSR\nVT Total Detection:39/63\nFirst Submission:2024-01-16T15:36:34.000000+00:00\nLast Submission:2024-05-21T21:49:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031380",
        "uuid": "b257d603-90c3-40e0-ac89-f3a1986dceb5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031380",
            "to_ids": true,
            "type": "md5",
            "uuid": "f5b96620-99f4-4ed0-8e0a-b072140dc4af",
            "value": "dd2653a2543fa44eaeeff3ca82fe3513",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028049",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6819bd5d-2adf-484a-9e86-c3df602ace26",
            "value": "56eada705da914818cd44c6492910bc92fb70e86",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028049",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7edc6f4-e34d-4f6a-b41d-544e47aaf825",
            "value": "c99cc10f15f655f36314e54f7013a0bc5df85f4d6ff7f35b14a446315835d334",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c48ffe7b-8c4e-460b-8571-e495129c3b77",
            "value": "384:u5NMKzPCBLYZNprU7lnrsaEO4xUZ3+9JudgxGHG8W:iMKzKBU7u7dJ4xUZO/9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fda785bf-ae26-4256-8b6d-04335f8cd71a",
            "value": "12452"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025511",
            "to_ids": true,
            "type": "filename",
            "uuid": "8d9e7575-5e43-4c53-ad4a-9fa7b826797e",
            "value": "localfile~"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025511",
            "to_ids": false,
            "type": "text",
            "uuid": "ffc34d90-8d3e-401b-b7a9-a205affb5b7f",
            "value": "IoCs related to APT42\r\nType Description: Powershell\nMicrosoft: Trojan:BAT/Obfuse!MSR\nVT Total Detection:38/63\nFirst Submission:2023-06-30T07:56:57.000000+00:00\nLast Submission:2023-08-03T10:46:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031402",
        "uuid": "13961d5f-62e1-454d-9aad-677726a144e5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031402",
            "to_ids": true,
            "type": "md5",
            "uuid": "352e4e10-b8d8-4e2f-a22b-11eed6f6e49a",
            "value": "081419a484bbf99f278ce636d445b9d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028051",
            "to_ids": true,
            "type": "sha1",
            "uuid": "43d705e7-55b2-47e8-8b43-35799ad5bb9b",
            "value": "0ef4f7a8d7b1d34e10faa0bca1dcb76a518dd417",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028051",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f2a8bb85-1db4-4807-8b0f-32b951a07db6",
            "value": "bd1f0fb085c486e97d82b6e8acb3977497c59c3ac79f973f96c395e7f0ca97f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025533",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "89e25511-c97b-4a27-a258-cc3f0f8b69e6",
            "value": "192:ENampkg6c3iKtzYC4+HxeycEUj/Pv9w7EczGRThbD5eROPURDcEaoY62DFRWJCXu:Ia8h3BKDWx2lszGN5DeOPURwvoX2RRY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025533",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "64ec0dca-6ee0-4ee7-b5cb-3d14ed0ced02",
            "value": "10586"
          },
          {
            "category": "Payload delivery",
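            "comment": "Placeholder name, not an original file name; on its own it will match unrelated files, so rely on the hashes in this object for detection.",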
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025533",
            "to_ids": true,
            "type": "filename",
            "uuid": "2c96bd7b-333b-4864-92b6-3ebd680dbde6",
            "value": "unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025534",
            "to_ids": false,
            "type": "text",
            "uuid": "ea306592-1238-42b8-9d01-23a1f2862b48",
            "value": "IoCs related to APT42\r\nType Description: Powershell\nMicrosoft: Trojan:BAT/Obfuse!MSR\nVT Total Detection:39/63\nFirst Submission:2024-03-01T17:29:16.000000+00:00\nLast Submission:2024-05-16T05:04:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031432",
        "uuid": "63ec809e-b830-4d68-ac37-a217c659da20",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031432",
            "to_ids": true,
            "type": "md5",
            "uuid": "210bd28b-ff63-4012-b298-dd129bef4afb",
            "value": "4551a6cdf8d23a96aa4124ac9bdb6d1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028052",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c5c6aac1-7603-4fde-a74c-83e9124c986a",
            "value": "b75b6cebe869e1636f0f294954b7906a4905701a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028053",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8ab51c9d-8c3b-4a7b-9c87-72b5fe26b50f",
            "value": "454e6d3782f23455875a5db64e1a8cd8eb743400d8c6dadb1cd8fd2ffc2f9567",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025556",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e9247941-59e7-436f-938b-a13ba0449be5",
            "value": "24576:CsxLFnFEHKUmozMFbMAd6Hr7zi/0uYKxaQNDSRNqqK7OhWKW5tReBjstcXSbF/KY:Tx5AOSRNJKwwsd2uO53Vq5Hx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025556",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "68e6edf6-46a3-488e-8515-903e67f3f45b",
            "value": "1983265"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025556",
            "to_ids": true,
            "type": "vhash",
            "uuid": "21b657c1-bcb2-441b-860d-68c9d4fe0486",
            "value": "016096665d1c0d5c05156031c2z4600217z403bz403dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025556",
            "to_ids": true,
            "type": "filename",
            "uuid": "5f61a699-f294-4b1a-8272-1a5b85e5cdf2",
            "value": "PixelGuard"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025556",
            "to_ids": false,
            "type": "text",
            "uuid": "71825564-6ef1-4f8e-a34b-6c024e0dc26e",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:48/71\nFirst Submission:2023-12-19T08:47:34.000000+00:00\nLast Submission:2024-07-26T08:09:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031454",
        "uuid": "671a5f00-cccc-445a-865f-9be346f12b86",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031454",
            "to_ids": true,
            "type": "md5",
            "uuid": "00f2f989-9766-4322-86d9-ee44b341c4c4",
            "value": "22e9135a650cd674eb330cbb4a7329c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028054",
            "to_ids": true,
            "type": "sha1",
            "uuid": "81948241-91a0-4a0e-9214-82b0329583c2",
            "value": "cdfa4966d7a859b09a411f0d90efbf822b2d6671",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028054",
            "to_ids": true,
            "type": "sha256",
            "uuid": "24c12aba-6e65-43cd-bbbe-d03b680c603e",
            "value": "19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025578",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "face537f-4173-47b8-b13c-79fbb8e13f4e",
            "value": "3072:HacAmbHTYPFB/2o2evTO5VC/hdb3x8Z5pNjEBvgGoh9ZDROe:HacAmbHIvO7C5db3yZ5pNjE0rZDUe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025578",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b53b1fd4-9814-4f39-8025-402cf6750413",
            "value": "148450"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025578",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cc0cf4e6-c396-40dc-99ce-81690511f875",
            "value": "931c5a560a9c80b19d0ac7483a8eae1a2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025578",
            "to_ids": true,
            "type": "filename",
            "uuid": "1dae146f-29df-41b0-b199-a6fadceacee7",
            "value": "19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025578",
            "to_ids": false,
            "type": "text",
            "uuid": "11caaa1e-0e61-419d-b982-39ab2aa777e9",
            "value": "IoCs related to APT42\r\nType Description: PDF\nMicrosoft: Trojan:PDF/Phish.TK!MTB\nVT Total Detection:34/64\nFirst Submission:2024-07-20T19:19:53.000000+00:00\nLast Submission:2026-01-08T05:17:15.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031475",
        "uuid": "e0b7c939-66a8-461e-9bd6-7732915099b3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031475",
            "to_ids": true,
            "type": "md5",
            "uuid": "441332e1-3f59-4011-af14-1ae8a6d18f32",
            "value": "e7df84a5a22aeafcf1c3abf4fd986c91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028056",
            "to_ids": true,
            "type": "sha1",
            "uuid": "58906f45-8887-4c75-86bb-db0cd7bcfde1",
            "value": "72775239683ea6a651b5c73d2e3ed006af5e1cad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028056",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d4c5de9e-5718-45b9-b23d-6fa35b4ded78",
            "value": "5df724c220aed7b4878a2a557502a5cefee736406e25ca48ca11a70608f3a1c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025601",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f23014a-3fb2-4df7-a173-7845698bfee3",
            "value": "6144:9WZiCzAAgMPdxoep2TSKFYL9Heayc5MqDO5sJ:QZTzAAgMPTcStpHKsa5C"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025601",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c2a30350-4458-4bdf-a8fc-d6b4233dd43f",
            "value": "284672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025601",
            "to_ids": true,
            "type": "vhash",
            "uuid": "99ea611b-00a2-43c4-81e2-6f82af7cb08b",
            "value": "025076655d155515555az49!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025601",
            "to_ids": true,
            "type": "filename",
            "uuid": "754bbe64-18ed-4591-953f-ddf9dd06489a",
            "value": "Portal.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025601",
            "to_ids": false,
            "type": "text",
            "uuid": "1e243b44-9813-42c6-bcea-5bf86ff678b4",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:53/71\nFirst Submission:2024-07-10T08:45:14.000000+00:00\nLast Submission:2024-12-11T00:02:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031497",
        "uuid": "753e340a-9419-4aee-934b-c3e1b59094db",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031497",
            "to_ids": true,
            "type": "md5",
            "uuid": "b144db9d-7ebf-4125-9af0-420e930e51e1",
            "value": "d783001d1f98fe3b33e7b97b0b7d96dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028058",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fb5225d2-8403-41c7-be1e-421b8d1c9170",
            "value": "b99d3ac574d6611c7304ef87e9c51c187bb5dd42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028058",
            "to_ids": true,
            "type": "sha256",
            "uuid": "12af983c-07ac-4dbd-a6ba-9260c1dc2d06",
            "value": "73c677dd3b264e7eb80e26e78ac9df1dba30915b5ce3b1bc1c83db52b9c6b30e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025624",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5680863e-8945-4ddf-b25d-ba31e2046d41",
            "value": "6144:X1waKPfuiSzngCp/3I8fh+TvjQr/mNRN4YWBAv5VB2ma:XYWigngCZ3I8f0z574YWYVB2ma"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025624",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "19bdf015-0a6f-41b6-920d-268cdcf91ab9",
            "value": "246784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025624",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0cc7886b-9c74-465e-a6c3-185d6362a6e9",
            "value": "025076755d155515555az46!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025624",
            "to_ids": true,
            "type": "filename",
            "uuid": "63425126-4150-4dae-a5ad-a7cb3e62f200",
            "value": "memo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025624",
            "to_ids": false,
            "type": "text",
            "uuid": "25730510-8893-42b5-b059-8567c181cf61",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/BugSleepLoader.ABL!MTB\nVT Total Detection:59/72\nFirst Submission:2024-06-05T11:50:46.000000+00:00\nLast Submission:2024-09-03T00:13:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031519",
        "uuid": "e0c32a17-131b-4b77-b6b9-da2cf3925342",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031519",
            "to_ids": true,
            "type": "md5",
            "uuid": "d972419c-7692-4d81-871a-a0c6dababd31",
            "value": "755c0350038daefb29b888b6f8739e81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028059",
            "to_ids": true,
            "type": "sha1",
            "uuid": "88b1851d-1790-4881-bcaa-b2b1836d900d",
            "value": "5b2f56953b3c925693386cae5974251479f03928",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028060",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2eb8fd34-d780-4308-9abd-79220813013e",
            "value": "4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025646",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7a67ff5d-51e5-4d17-bb8f-9c685bfe0f92",
            "value": "24576:RHA1jDC3rgrKPucdYUxVXshqWzHt0IBLzvavUXUjLzC:6NSwKPucuUxVX+zmvU4C"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025646",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "52d4119f-0379-4117-95ff-5f010804c56d",
            "value": "6338272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025646",
            "to_ids": true,
            "type": "vhash",
            "uuid": "09be2bb0-a7c5-4004-8454-6623fc18ca39",
            "value": "066066651d1c0515509043z800467z47z62z4403dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025646",
            "to_ids": true,
            "type": "filename",
            "uuid": "8640b8d6-2d62-4bfb-97c3-486a046d6b1b",
            "value": "CrowdStrike Updater.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025646",
            "to_ids": false,
            "type": "text",
            "uuid": "b0cb91df-974f-4948-a56a-d4163ca92453",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:42/71\nFirst Submission:2024-07-20T11:21:59.000000+00:00\nLast Submission:2025-11-19T16:55:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031541",
        "uuid": "2846c785-b163-419e-8ab7-0f247512148c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031541",
            "to_ids": true,
            "type": "md5",
            "uuid": "36d92475-c179-479c-af4f-eb035f85a049",
            "value": "2783376fd7af9ec138ecf49ad7391f16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028061",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7e58edef-cd7f-4e54-abb8-8d16261a3c26",
            "value": "7cf41af145f19e5af9a1ace48323cffe09c0aedf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028061",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e5ed7f29-bfd8-48b8-989b-ef2645aa0b13",
            "value": "ca9bf13897af109cb354f2629c10803966eb757ee4b2e468abc04e7681d0d74a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025669",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "77e94b94-9d8d-4fe5-a1eb-720ad7e2dbbc",
            "value": "49152:Zj9KYbPQ4uGfd06kZWi8my5f5wx5AOSRNJKwwsd2uO53Vq5Hxl:ZjIYbPQ47dmZWi8RxeaOiDK7aO5ABr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025669",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "01f1fa9c-823c-462a-a912-160bc49f5416",
            "value": "2990928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025669",
            "to_ids": true,
            "type": "vhash",
            "uuid": "552e85df-b4cf-4fdf-9f11-1608b26d828a",
            "value": "22603675151300101e23282017d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025669",
            "to_ids": true,
            "type": "filename",
            "uuid": "337c8259-d60b-4072-8fa4-230ad873aa4b",
            "value": "F5UPDATER.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025669",
            "to_ids": false,
            "type": "text",
            "uuid": "80d454da-782a-42bf-988e-10925710fe7c",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Seheq!rfn\nVT Total Detection:47/71\nFirst Submission:2023-12-19T08:32:36.000000+00:00\nLast Submission:2024-01-12T11:45:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031562",
        "uuid": "9276e723-eae6-4458-8146-a101da58ce25",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031562",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e6702ca-4034-4c91-98e2-b7867cd26306",
            "value": "c23663ebdfbc340457201dbec7469386",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028063",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e4784ee9-c5e9-40a6-8854-5da715d8e6a4",
            "value": "97e48fbb46f52d5a35360f9bfd8a2877a4a7fe70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028063",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5bf35c53-94bd-4ab7-bbf9-c2c363383302",
            "value": "dbdb14e37fc4412711a1e5e37e609e33410de31de13911aee99ab473753baa4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025691",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5a31875f-8586-40e4-9d9f-ace67ed5d39c",
            "value": "192:0a3uQ/N+reI/aBG5wJ2SucjPLXIYAgmROOqLsB2L/+uKM6VkPV9sV9M6VCV9k6:bp/N+0jPLpc2T+u3dkaW6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025691",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd8b9de2-9c70-4c77-bc99-0f1aca5813e1",
            "value": "13620"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025691",
            "to_ids": true,
            "type": "filename",
            "uuid": "fe5dd940-b7eb-4c33-be01-809bba49a6f9",
            "value": "down.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025691",
            "to_ids": false,
            "type": "text",
            "uuid": "382b0c52-d055-4ae7-a3b5-bce892988d5d",
            "value": "IoCs related to APT42\r\nType Description: VBA\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:34/61\nFirst Submission:2024-01-16T15:24:52.000000+00:00\nLast Submission:2024-05-15T12:17:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031584",
        "uuid": "476dd4fe-ffcf-495a-8c72-118a5d4596b0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031584",
            "to_ids": true,
            "type": "md5",
            "uuid": "8535fa5d-33cf-4622-a5ae-eefb558d0a0c",
            "value": "a70d6bbf2acb62e257c98cb0450f4fec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028064",
            "to_ids": true,
            "type": "sha1",
            "uuid": "573a3f7d-273d-467e-8a14-4f31a7512bc6",
            "value": "5cacfad2bb7979d7e823a92fb936c5929081e691",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028065",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8da4b992-0b93-4e57-bb7c-e20334b1b7d7",
            "value": "ff15558085d30f38bc6fd915ab3386b59ee5bb655cbccbeb75d021fdd1fde3ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025713",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e17e3a40-3433-4433-bf85-8fb981bd8cff",
            "value": "12288:Y3utkx+U5nlE+8A1eFih+FqOTYeoAeJ1wlJBe3etFtwoR0b:YeeeA1eFih+82YeoNUl/e3etFtwE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025713",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bb096544-bdf6-4ad9-a8f3-fc0ae866ec48",
            "value": "744960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025713",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8f839050-780f-497d-9b8f-be5a0c0b8192",
            "value": "075086655d15551d15555055z7009iz1021z3fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025713",
            "to_ids": true,
            "type": "filename",
            "uuid": "b0db0a6d-8987-4185-a505-d1290ae53411",
            "value": "agent4.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025713",
            "to_ids": false,
            "type": "text",
            "uuid": "f4ebe8e0-0b9e-4754-9704-80e917313808",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Tnega!MSR\nVT Total Detection:53/72\nFirst Submission:2020-12-27T13:27:36.000000+00:00\nLast Submission:2023-03-14T04:56:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031605",
        "uuid": "079342ad-d2e9-4af5-a9c2-131f7f494f10",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031605",
            "to_ids": true,
            "type": "md5",
            "uuid": "3a57cd72-6cd7-483b-8dc2-edd4605d61db",
            "value": "5746a9e0a410349b17f8a64af30f9cd3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028066",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c7f75855-6724-4eea-92c4-73cc5a69261b",
            "value": "29a08031c4debc7f91ca8efb40b7858c9aafc3ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028066",
            "to_ids": true,
            "type": "sha256",
            "uuid": "82418a64-1817-4794-9f24-e88e8e5bd309",
            "value": "3555728fb51dd3eaeb34a5c6aaf445e63cc93ece2bf560cf0c673a0d38c6e5d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025736",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6fc9a4c4-63b7-423a-80b0-b80628fce8c1",
            "value": "98304:xmTiSEWNHm7OOBOjr5c0YEqHzZymScepyWaKCdsBFC:oTiJIr57mHzQmJMHsUFC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025736",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f15bf3dd-e184-482d-a504-61027e11f924",
            "value": "4839049"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025736",
            "to_ids": true,
            "type": "vhash",
            "uuid": "38cc118e-8e31-49e6-be83-7b65cd486711",
            "value": "046066656d1515756az5dvz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025736",
            "to_ids": true,
            "type": "filename",
            "uuid": "1083a57e-e370-4d1e-a534-45503ee3256f",
            "value": "CSRSS.Exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025736",
            "to_ids": false,
            "type": "text",
            "uuid": "350bd5f8-d031-4af3-b84b-3c994b119066",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:45/72\nFirst Submission:2021-11-30T04:08:45.000000+00:00\nLast Submission:2021-11-30T04:08:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031626",
        "uuid": "17f14695-6308-4fcf-b431-b2b81025e78b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031626",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab573cda-204e-41f0-b7db-20ab76a2cd43",
            "value": "c92e2655d115368f92e7b7de5803b7bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028068",
            "to_ids": true,
            "type": "sha1",
            "uuid": "843d0014-4eab-447f-93a7-f113c767e348",
            "value": "366e435a1ea0f597deb6ebe7c0c5acdb6e8b33eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028068",
            "to_ids": true,
            "type": "sha256",
            "uuid": "613f430a-20ce-4eec-8085-501a97fc4176",
            "value": "1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025759",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e78f5379-9120-42a3-a85d-d91446bb22c6",
            "value": "384:PTlCwsCROIIuZkdKIf5C+UCOP32ZU4UKa:4wsCR010C832ZHUKa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025759",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8d4df826-42fe-41f9-a92e-2f5c76422a17",
            "value": "16208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025759",
            "to_ids": true,
            "type": "vhash",
            "uuid": "77a792f5-4e4d-426c-ae2b-1af7b588df37",
            "value": "11514985d20f0caa4891de35605a94af"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025759",
            "to_ids": true,
            "type": "filename",
            "uuid": "5e91322f-7ddd-4c56-af2c-2560e289cd35",
            "value": "c92e2655d115368f92e7b7de5803b7bc___679136bd-a11b-4be5-9479-afbbddcf1aab.elf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025759",
            "to_ids": false,
            "type": "text",
            "uuid": "007a40de-3ada-4ad8-920a-ea8767858232",
            "value": "IoCs related to APT42\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:34/64\nFirst Submission:2024-01-17T14:33:07.000000+00:00\nLast Submission:2026-02-28T06:55:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031647",
        "uuid": "02704fd6-46ab-4afb-b1dc-65bf088088c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031647",
            "to_ids": true,
            "type": "md5",
            "uuid": "1c0f3076-9e3a-43a7-bba1-78e064e8f705",
            "value": "a50a20edddaded453410600549968914",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028070",
            "to_ids": true,
            "type": "sha1",
            "uuid": "512a2525-7f82-4899-8b5b-70d6625c5a86",
            "value": "d76e5ac85cd57425dc3c5dc27c438b0725d6eaa4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028070",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9019931-b9b4-4393-8ee7-6a21065a18a0",
            "value": "94278fa01900fdbfb58d2e373895c045c69c01915edc5349cd6f3e5b7130c472",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025782",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b887aa11-a939-4101-994f-8faf175c291b",
            "value": "3072:2o53UAHYE6sKuoJGVEND3hP1LiMdFNpTo:RCs0gEND3TFFH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025782",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "06fb6114-b934-40d7-96fd-34c3f5a9efd9",
            "value": "129024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025782",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1d0487c0-d9fe-4787-8c1e-3ca70fd783ac",
            "value": "015076655d155515555az4f9z4tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025782",
            "to_ids": true,
            "type": "filename",
            "uuid": "55ab433d-05fa-46e6-ba79-244f27eee3c1",
            "value": "Caspel-webinar.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025782",
            "to_ids": false,
            "type": "text",
            "uuid": "58ee676c-7589-4f1e-9d15-ef24bcae2088",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Mabezat.RP!MTB\nVT Total Detection:54/71\nFirst Submission:2024-05-23T14:53:20.000000+00:00\nLast Submission:2025-02-18T06:23:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031669",
        "uuid": "c1394cc3-6cbc-4ec2-8394-660daf90712c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031669",
            "to_ids": true,
            "type": "md5",
            "uuid": "64bd8f82-9913-42cf-8a49-8f7011f0c828",
            "value": "a713e686fd984588a4db74f34bf32275",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028071",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8643933d-b005-4631-8b2c-ea06bea4138e",
            "value": "dfaae4c2ac9a19d2ef0fde43b6786a01b39b5521",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028071",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d30d3bdf-80df-4f2a-a042-5261fad24876",
            "value": "960d4c9e79e751be6cad470e4f8e1d3a2b11f76f47597df8619ae41c96ba5809",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025806",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a55198b5-2d01-4f2f-9f4e-1a212478c045",
            "value": "3072:mtJSByb0ot4nwAQdlVCWBHgBKVhbwgDgmQP:mtJSXHn6RCWBHVgm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025806",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "90e76cee-162c-4f5b-a3e6-06f7828d7bb0",
            "value": "149504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025806",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1521c84f-4999-4d4c-a4da-8d045e8c64bb",
            "value": "015076651d155515555az519z4tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025806",
            "to_ids": true,
            "type": "filename",
            "uuid": "bc0f3b50-2268-46da-bc3a-111b336079d9",
            "value": "Portal.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025806",
            "to_ids": false,
            "type": "text",
            "uuid": "30947742-9a13-4883-b140-203b2e47f349",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Mabezat.RP!MTB\nVT Total Detection:55/71\nFirst Submission:2024-05-07T12:35:07.000000+00:00\nLast Submission:2024-11-06T15:46:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031690",
        "uuid": "890ed052-9dee-42d1-a98e-4cc4accf462c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031690",
            "to_ids": true,
            "type": "md5",
            "uuid": "1d7e8c67-07a2-4a1a-9ab7-ef53cb73c8f0",
            "value": "d7bf138d1aa2b70d6204a2f3c3bc72a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028072",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1a5863a9-e538-4157-bdcc-4618731e36a3",
            "value": "3fd06c930ddc4b1914151f69454c087a42413a24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028073",
            "to_ids": true,
            "type": "sha256",
            "uuid": "de362f74-24d8-49cd-9341-14eea96a9a79",
            "value": "5404e39f2f175a0fc993513ee52be3679a64c69c79e32caa656fbb7645965422",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025828",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "59253503-43d8-427a-9b9f-834d7fede366",
            "value": "24:W/AnDhKaG2Ds6w8NlrZ5OGPeAbqf+PvENPB3B3CNdHPdYqf+PveBE:YghhG2D68NVfOGPLZvEN9hUhOveE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025828",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "53ad7b36-ec84-41a8-a104-88ec48d3e590",
            "value": "1276"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025828",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d8ab271c-8734-4f5e-99b8-0fa1aaa1c2aa",
            "value": "43aa0f8a43cc52e82790a47dc61fcaa2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025828",
            "to_ids": true,
            "type": "filename",
            "uuid": "816f6a1d-6ec9-4e11-92b5-609244d001d2",
            "value": "u9ebn.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025828",
            "to_ids": false,
            "type": "text",
            "uuid": "37074677-2891-4c4f-ac4c-c1581449acbf",
            "value": "IoCs related to APT42\r\nType Description: VBA\nMicrosoft: Trojan:VBA/Malgent!MSR\nVT Total Detection:33/62\nFirst Submission:2024-03-01T15:16:21.000000+00:00\nLast Submission:2024-03-01T15:16:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031711",
        "uuid": "99860152-8fc9-42c9-b502-83c2c60d2208",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031711",
            "to_ids": true,
            "type": "md5",
            "uuid": "4067ae79-a24c-4bb3-bf9a-c28f55b626d0",
            "value": "bdd0d556166ad0af9ded39ab4b9ed34f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028074",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d938e59-8d6a-4bfd-8e1c-a4caac4b1203",
            "value": "cb2ffe5accc89608828f5c1cd960d660aac2971d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028074",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e32bec72-d57d-4a18-a6f2-8d01a8c29660",
            "value": "3a052d56706a67f918ed3a9acec9a2da428a20065e261d8e40b73badb4c9d7f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025851",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1e3683c9-630c-43bc-a040-c4014adcf98e",
            "value": "12288:LntTaaoZXluy49lJH31F59+Bt0meXFX+beY9AYMaQmBcDLB:bScy2ld1F59+Bt03FX+KY9vEN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025851",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "df4dbfcc-634c-4c74-ac8b-24f1fbf211e0",
            "value": "587253"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025851",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b8a15ab4-7fb2-42f0-9253-e41be6f33547",
            "value": "2c53cadfb1a6edafe0f4a5a1070a0286"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025851",
            "to_ids": true,
            "type": "filename",
            "uuid": "26f13a2a-ee9e-4f05-b9f9-b558e6ff64c7",
            "value": "3a052d56706a67f918ed3a9acec9a2da428a20065e261d8e40b73badb4c9d7f4.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025851",
            "to_ids": false,
            "type": "text",
            "uuid": "d09e045e-b4ba-42ce-a5d8-d07260d5df20",
            "value": "IoCs related to APT42\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/DCHSpy!MTB\nVT Total Detection:27/66\nFirst Submission:2021-10-12T04:06:41.000000+00:00\nLast Submission:2025-10-01T04:08:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031733",
        "uuid": "adddd39e-852d-4764-ba14-a2a804b3a095",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031733",
            "to_ids": true,
            "type": "md5",
            "uuid": "d32d962c-34c6-4535-b4e1-fb193fe34016",
            "value": "abe531e9f1e642c47260fac40dc41f59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028076",
            "to_ids": true,
            "type": "sha1",
            "uuid": "db326baa-a820-45a1-b1c9-eb171fdb0740",
            "value": "6591e6eee4fefaee9f214dfa872e15d426f695fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028076",
            "to_ids": true,
            "type": "sha256",
            "uuid": "61e98379-17fc-4b3e-b338-32008e72958d",
            "value": "766c356d6a4b00078a0293460c5967764fcd788da8c1cd1df708695f3a15b777",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025874",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7b847f72-dcb7-4b62-9b50-75919077c3d9",
            "value": "196608:HoRRDqSU3b01Kpn3V+uq+VvpoxbAQveFuEtwq+ZkiKDIjx0v05UR4VlJlr:8q9L01+l+uq+Vvyxv89aq+ZkF0x08iRc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025874",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca27b08e-2f5c-48c5-a48b-18f13be44b24",
            "value": "10680751"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025874",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a9fff4e2-1608-49fc-897f-34d8a001cde3",
            "value": "017076655d155d0515504013z3006dmz1cfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025874",
            "to_ids": true,
            "type": "filename",
            "uuid": "d7dc7b35-540b-4829-bbd6-dcc3ffa9a882",
            "value": "\u0414\u043e\u0434\u0430\u0442\u043e\u043a.pif"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  27/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025874",
            "to_ids": false,
            "type": "text",
            "uuid": "c971a1d7-ebf1-4288-adf1-2e6c633cf367",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:48/72\nFirst Submission:2025-07-11T06:44:19.000000+00:00\nLast Submission:2025-12-19T17:30:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031754",
        "uuid": "b012056d-da5e-4a88-acb9-14ca55363f6d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031754",
            "to_ids": true,
            "type": "md5",
            "uuid": "d2f76e9f-f31e-4345-b903-3e3578140877",
            "value": "93c19436e6e5207e2e2bed425107f080",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028077",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1c818f37-e26b-4d84-ab92-4c1f6f8ed36f",
            "value": "43ed285112547767c09e07e9b45483af96022ad8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028078",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2e8a2401-e3dc-4647-b41e-93ef09893ee5",
            "value": "9fc0f2a57aafa9100eefb7019f15b96919eea5ee5d607441ceeaaafd8bcc92a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025897",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "97e472ea-108b-4f04-9588-3f26b9e6a8b6",
            "value": "24576:dwSBJcqrEmbtkFWpPALooCeIiUCujtP+:d7B/rPBkcPAweI5Q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025897",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d1ba2300-ecaf-4a1e-b7a3-b1963d523845",
            "value": "950784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025897",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f5c68bd6-6a7b-402e-8b80-a245a23c177f",
            "value": "095056655d55756128z59hz23z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025897",
            "to_ids": true,
            "type": "filename",
            "uuid": "db8185c3-a507-4ee2-8937-b3ad23517a3d",
            "value": "svvhost.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025897",
            "to_ids": false,
            "type": "text",
            "uuid": "d756901b-fb05-4dde-b273-1ca382bad536",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:59/72\nFirst Submission:2021-10-15T14:36:50.000000+00:00\nLast Submission:2023-03-18T18:31:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031776",
        "uuid": "b8380f36-1c6e-47f3-9399-f56fc6343cc8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031776",
            "to_ids": true,
            "type": "md5",
            "uuid": "919532d7-904d-4554-bd69-a68a2dd65a31",
            "value": "a9cd92a3a4d90daf9331036c772c67de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028079",
            "to_ids": true,
            "type": "sha1",
            "uuid": "638c8ede-1fdf-4c7e-b945-a64b36c6af39",
            "value": "71fdfd84a49587c08f5586c12c227f48811a5d5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028079",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f3f7de3f-0997-40d0-a757-6562cd203134",
            "value": "2ac7df27bbb911f8aa52efcf67c5dc0e869fcd31ff79e86b6bd72063992ea8ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025919",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1a1f3588-961a-4f66-b75c-7a54331b7f70",
            "value": "768:ZS9Y/1I9uV3K1DlJiGd3Zq8B2UI7kyzEWr+gUpMXYVuI:ZSStIAFK1DlJi4ZsXzEWSgyuhI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025919",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b6bef2a5-3711-4ff5-976d-f44d1aa9011b",
            "value": "36279"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025919",
            "to_ids": true,
            "type": "filename",
            "uuid": "3d8f98b7-3312-4c9d-a1d1-9bafd163a81d",
            "value": "Map.aspx"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025919",
            "to_ids": false,
            "type": "text",
            "uuid": "dcf046e7-aa5b-4089-976e-d0cee90ed69c",
            "value": "IoCs related to APT42\r\nType Description: HTML\nMicrosoft: None\nVT Total Detection:35/62\nFirst Submission:2021-06-25T10:56:35.000000+00:00\nLast Submission:2023-05-07T07:09:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031797",
        "uuid": "0796591d-b3ce-47df-8c54-afda29915c9d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031797",
            "to_ids": true,
            "type": "md5",
            "uuid": "c6be8b1b-f695-41e6-8ac1-579cee790516",
            "value": "d533a3c61e8425e51dca36415b9e8af2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028080",
            "to_ids": true,
            "type": "sha1",
            "uuid": "039f6bdd-9999-4b6d-bc24-526c8c557dd5",
            "value": "2379ac0e03b1a67c4ca5693136eff4945e644a91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028081",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19dd819e-cfea-4a3f-b726-a5b0dfbbdb44",
            "value": "8eea1f65e468b515020e3e2854805f1ef5c611342fa23c4b31d8ed3374286a90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025942",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c4d80ba-e4ec-4450-8be7-e8b2ed1dfa44",
            "value": "192:fEKjkTC6+IewDXKw2A+y6gN0izLa/4zjQiQkgkG/t/0uG:8MtwzXfa4uu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025942",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b6f97bef-6f97-4e66-98c0-508c74c74c8e",
            "value": "6632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025942",
            "to_ids": true,
            "type": "filename",
            "uuid": "e000e8a3-3f70-4ea9-8ad1-67a9457f2ab4",
            "value": "telemetry.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  19/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025942",
            "to_ids": false,
            "type": "text",
            "uuid": "26fa140c-efad-47a8-8b02-d9df9c7a1658",
            "value": "IoCs related to APT42\r\nType Description: JavaScript\nMicrosoft: Trojan:JS/QuietVault!MTB\nVT Total Detection:29/62\nFirst Submission:2025-08-27T14:30:57.000000+00:00\nLast Submission:2025-08-29T01:27:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031818",
        "uuid": "e5df20fa-00c9-4595-b251-397207ab1258",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031818",
            "to_ids": true,
            "type": "md5",
            "uuid": "5f5aa737-34a4-435c-a6ec-1b7882eb3efa",
            "value": "8678cca1ee25121546883db16846878b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028082",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8bd82475-20d2-4d8d-a0d8-b7a13528c3fd",
            "value": "db38eeb9490cc7946b3ed0cf3759acb41666bdc3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028082",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c1f668e6-0531-45e6-b850-4a1175eb9ee7",
            "value": "e28085e8d64bb737721b1a1d494f177e571c47aab7c9507dba38253f6183af35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025965",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bee03e3e-ee76-4aa7-9bc7-59bc57aa08a0",
            "value": "384:hW0TTEY/ORWnUUfIJIaB8q0MI2KnNf8lLNRAiffffYkP7GLzYcHe+cPow:90Y/YCIxajBNf8dzjYzYcHe+cPow"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025965",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd4dacca-359e-47b6-8d3f-f8bbe3e143f7",
            "value": "19968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025965",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f185b72-985e-4dba-95a1-d567c9e10760",
            "value": "21403655151110891620027"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025965",
            "to_ids": true,
            "type": "filename",
            "uuid": "78d91221-bb68-406b-b520-a2fab6c5bc02",
            "value": "Hatef.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025965",
            "to_ids": false,
            "type": "text",
            "uuid": "e43ae1cd-29f2-4292-81cc-9f5c4daf362d",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Seheq!rfn\nVT Total Detection:50/71\nFirst Submission:2023-12-17T19:10:35.000000+00:00\nLast Submission:2023-12-17T19:10:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031841",
        "uuid": "1bc33e4b-4ce0-449f-a35a-0b1c3191b85e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031841",
            "to_ids": true,
            "type": "md5",
            "uuid": "2517b9d8-b994-4b89-9dc1-14039d87b363",
            "value": "c17f4bb8e415e21e6010b98e13c6dff3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028083",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6ddf5a5f-33d8-4679-9ef7-7fcb2e92a5a4",
            "value": "e2bee0b9a6e262daa4842245e469f5a0310da868",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028083",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6b22ddf4-b2bd-4b7d-9633-8893a4c556ee",
            "value": "b8703744744555ad841f922995cef5dbca11da22565195d05529f5f9095fbfca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774025988",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0a24897f-abb6-4035-913b-32ca9eb09a65",
            "value": "3072:2jDk5hcGOqdHvcIqmecKYXlu6Mi2H+XBvjigDkzmsV2:2jDkGcKYXYFCBOsc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774025988",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b565cf19-c07e-46fa-8858-59b970c06e79",
            "value": "137216"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774025988",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e1801440-2d26-4034-a1ae-1bc22600c152",
            "value": "015076655d155515555az5az4tz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774025988",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b0c80bf-ba34-4a6c-a575-07666e1a3809",
            "value": "Portal.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774025988",
            "to_ids": false,
            "type": "text",
            "uuid": "7b1c91fc-d7f8-456c-9452-135cefdf22d9",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Mabezat.RP!MTB\nVT Total Detection:55/71\nFirst Submission:2024-05-16T10:56:38.000000+00:00\nLast Submission:2024-09-02T23:57:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031862",
        "uuid": "07848cb2-445b-4e8f-a665-375b719b1d69",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031862",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3366793-a769-4d25-805b-68867e9552db",
            "value": "cafe08392d476a057d85de4983bac94e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028085",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9851d50a-fcd6-4322-90cd-a8ecb2e680c1",
            "value": "e065bec7855235dedfec5e66392b81b7a2234d0b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028085",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c84b2b22-2cb1-46e0-a034-da335ba2f6b3",
            "value": "a30930dfb655aa39c571c163ada65ba4dec30600df3bf548cc48bedd0e841416",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026011",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9b0f8282-26af-4ffe-a0ca-d43b753d24ad",
            "value": "6144:J/4HmLnfiNi7pL9SE/QkonRQI0yrZ7WElbTUg1RzFp:1ffuG/SEToiFcTUghp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026011",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "edbcae42-218b-471e-9156-2536505beb0a",
            "value": "271041"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026011",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d2b62e39-910c-48ce-941b-e2e088deb2fc",
            "value": "9b46c625d0ef478e7db01c3cff83a14a8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026011",
            "to_ids": true,
            "type": "filename",
            "uuid": "fd115111-7832-48b4-9eb3-74b5d146ca7f",
            "value": "\u041e\u0444\u0456\u0446\u0456\u0439\u043d\u0438\u0439 \u0431\u043b\u0430\u043d\u043a \u0421\u0411\u0423.pdf"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  01/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026011",
            "to_ids": false,
            "type": "text",
            "uuid": "9e4bcb62-cd77-471d-a8f9-7c8499b7377f",
            "value": "IoCs related to APT42\r\nType Description: PDF\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:19/64\nFirst Submission:2025-07-11T06:49:00.000000+00:00\nLast Submission:2026-02-17T15:23:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031884",
        "uuid": "06cd39ac-bcf0-4ff2-9721-96c38c08687e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031884",
            "to_ids": true,
            "type": "md5",
            "uuid": "518768c1-e02f-48e4-b01d-76ceb6ebf4d5",
            "value": "63c4c31965ed08a3207d44e885ebd5e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028087",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53b3fa39-cd99-4c2f-aa62-d75a19607bab",
            "value": "76a35d4087a766e2a5a06da7e25ef76a8314ec84",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to APT42",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028087",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3335cdd4-5ac8-4ac4-b15f-f8f9844128c8",
            "value": "cafa8038ea7e46860c805da5c8c1aa38da070fa7d540f4b41d5e7391aa9a8079",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026034",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f1019438-ac4c-4db4-a7ee-a452fe867980",
            "value": "12288:u3utkx+U5nlE+8A1eFih+FqOTYeoAeJ1wlJBe3etFtwoB0b:ueeeA1eFih+82YeoNUl/e3etFtw8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026034",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "edeb3f15-1359-4ad7-a6dc-285544abbed3",
            "value": "744960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026034",
            "to_ids": true,
            "type": "vhash",
            "uuid": "efdc3b7b-7d80-409a-883a-b37997fe3426",
            "value": "075086655d15551d15555055z7009iz1021z3fz"
          },
          {
            "category": "Payload delivery",
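            "comment": "Filename matches the stock Windows Calculator binary name; on its own it is a weak indicator, so match on the hashes in this object.",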
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026034",
            "to_ids": true,
            "type": "filename",
            "uuid": "27d2e4f1-9db0-4691-a7ac-d6fa371d285c",
            "value": "calc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026034",
            "to_ids": false,
            "type": "text",
            "uuid": "e33d57ae-8d9c-4855-8c9d-f7627e3ee7ba",
            "value": "IoCs related to APT42\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Tnega!MSR\nVT Total Detection:55/72\nFirst Submission:2021-01-03T15:16:14.000000+00:00\nLast Submission:2023-03-14T04:58:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031905",
        "uuid": "7a1e10a6-d779-462c-b7dc-e34c1b8c172f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031905",
            "to_ids": true,
            "type": "md5",
            "uuid": "fec7ea94-d036-4e25-9e50-1ff80e70ccd7",
            "value": "b3411927cc7cd05e02ba64b2a789bbde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028089",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f79f8ef5-a1e4-4b68-8b17-d50ea4f8b06e",
            "value": "b26cfde4ca74d5d5377889bba5b60b5fc72dda75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028089",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2fa11c58-9719-4e39-9796-9aacf1e24dfe",
            "value": "4b036cc9930bb42454172f888b8fde1087797fc0c9d31ab546748bd2496bd3e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026056",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c19aa43c-f48a-45f0-9daa-c54fda02abec",
            "value": "49152:N7MNjXLsvFfAhpjccQ1hhTlPrLFhNG2y+L+aJwDcN:0jXL2mboRRhrL42yE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026056",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7117309e-3ddf-4fcb-a1dd-18639c769b40",
            "value": "1681960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026056",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4b8a5ff5-f86d-4732-8fde-7cfc2c136da0",
            "value": "016056656d155560a1z11z500461z63z8031z11z32z15z1b035z"
          },
          {
            "category": "Payload delivery",
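            "comment": "Filename matches the name of the legitimate Advanced IP Scanner utility and detection is low (VT 2/72 in this object's text attribute); treat the name as context and match on the hashes.",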
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026056",
            "to_ids": true,
            "type": "filename",
            "uuid": "370354f8-da5a-4331-a061-23086fed650a",
            "value": "advanced_ip_scanner.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  21/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026056",
            "to_ids": false,
            "type": "text",
            "uuid": "1b4f63e1-7dd0-4866-9f8e-1aacb7cbed46",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2022-05-06T12:35:23.000000+00:00\nLast Submission:2026-03-19T18:24:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031926",
        "uuid": "537124c9-51e5-4e09-b95d-3a35d24c56f3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031926",
            "to_ids": true,
            "type": "md5",
            "uuid": "25f9b2da-91f3-41b4-a3c1-cbea3cff1419",
            "value": "ebd96cf97f93e62210fe4d928c49464c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028091",
            "to_ids": true,
            "type": "sha1",
            "uuid": "89f85870-891b-4334-b3fb-536ca0be481f",
            "value": "aa52ec30f5127b62c65239535eda2e949532f484",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028091",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bbf70c14-012b-4e1f-9226-f74c62f137fe",
            "value": "c3777df8af97479419aaff9bbb113ddeb1aef7515a91fc683f8c62133466a137",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026209",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a9d9ae60-b772-4c30-9cc1-9b89af6af418",
            "value": "12288:NLmG2FTkMwWGKb4CGXioYjdXsTFqSd2cH2GrxTIq:RmGqkMSocb2sTFqO2cHZNMq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026209",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4541e8b3-ca5f-4273-820e-cbd87536e76a",
            "value": "489472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026209",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5c2ac719-2557-4b61-b172-e4ea96f570d0",
            "value": "24503675151190ded4531105e"
          },
          {
            "category": "Payload delivery",
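            "comment": "Filename matches the publicly available Snaffler tool, which may also appear in authorised assessments; confirm with the hashes in this object before alerting on the name.",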
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026209",
            "to_ids": true,
            "type": "filename",
            "uuid": "2f3daced-21ff-4232-a79c-5920384955d8",
            "value": "Snaffler.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  28/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026209",
            "to_ids": false,
            "type": "text",
            "uuid": "fff0148a-e9bf-4527-9677-3632e34d4107",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: VirTool:MSIL/Purlion.B!MTB\nVT Total Detection:51/72\nFirst Submission:2023-09-19T19:14:35.000000+00:00\nLast Submission:2025-05-09T14:23:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031949",
        "uuid": "eb3cce49-4f91-44b6-b37a-5beec3ae3d63",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031949",
            "to_ids": true,
            "type": "md5",
            "uuid": "0d666cde-9a76-4c5d-a8f1-e4206bc1d3d6",
            "value": "48274e0b14ce2fbea39bbb98d7c8d495",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028092",
            "to_ids": true,
            "type": "sha1",
            "uuid": "426390a4-8bd5-4b25-816a-b57e4808a9de",
            "value": "5cbde184bd95db80df89bbae7f6af6cc318b5a1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028092",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1c7843f7-eb10-4801-9249-8349af66d4dd",
            "value": "cfb241b1ead4cc2bdb1cb55094708e8d85b27628159251725f8a648d7b5631d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026233",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "58745ac8-83ed-4a45-bd7c-6332ef3c0114",
            "value": "3072:BbgG9Ztcd/VpAItepng3PeITCx3qq9eDE4LRr3uoZ1wu3UvcTQ02pw:BbgsZAVyItepng/eYYCZLlLzpA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026233",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c9b06bc1-a053-48c4-93fe-bbb603093d85",
            "value": "258048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026233",
            "to_ids": true,
            "type": "vhash",
            "uuid": "564d0582-fc63-4163-aa78-ba4ec68ebd5f",
            "value": "025086655d15551d05555az57!z"
          },
          {
            "category": "Payload delivery",
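            "comment": "Value looks like a sample-repository label (date, this object's MD5, family tags) rather than an on-host filename; it is unlikely to match endpoint telemetry.",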
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026233",
            "to_ids": true,
            "type": "filename",
            "uuid": "600ca4e1-6deb-41b8-90a7-f2df4357f727",
            "value": "2025-05-05_48274e0b14ce2fbea39bbb98d7c8d495_black-basta_cobalt-strike_satacom"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  18/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026233",
            "to_ids": false,
            "type": "text",
            "uuid": "78eed4db-8dc6-4512-b46e-158ffd4cb397",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:46/72\nFirst Submission:2024-12-18T05:08:51.000000+00:00\nLast Submission:2025-05-05T05:13:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031970",
        "uuid": "fc37762f-ecb8-47c6-a528-7d388598afb9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031970",
            "to_ids": true,
            "type": "md5",
            "uuid": "b1ae19bf-2de0-475f-bad2-3db49065fa2f",
            "value": "6a58b52b184715583cda792b56a0a1ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028094",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ae04833d-7413-470d-9a0c-ca9538a963b4",
            "value": "3477a173e2c1005a81d042802ab0f22cc12a4d55",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028094",
            "to_ids": true,
            "type": "sha256",
            "uuid": "26ac10f8-4b0f-4729-a9d5-6770c7857a83",
            "value": "d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026304",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "67880bbd-1f77-49f2-a851-a765786e7374",
            "value": "393216:mfKraJBPMvil9ib1pLIfwwbwFanUfziHLKAwj5GIXgsao7sF5Vw11mH:AKravPiisRpkfww8FUUfz9wIqooPm1S"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026304",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "24efc35f-5285-4d14-8f5c-27dbd62fcdb6",
            "value": "20386224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026304",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d54efcce-df08-4125-9120-ce4e8a51d38c",
            "value": "027086665d1c0d5c0515503016z2az3bz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026304",
            "to_ids": true,
            "type": "filename",
            "uuid": "79ae57e7-1df2-4885-ba67-fdc37bf2153a",
            "value": "advportscan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026304",
            "to_ids": false,
            "type": "text",
            "uuid": "8a156db4-ccea-447a-a125-60a06d4c4669",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:18/71\nFirst Submission:2019-04-22T23:34:32.000000+00:00\nLast Submission:2026-03-20T13:57:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774031991",
        "uuid": "f7277277-ed90-4bc6-96f9-13e39b9d3bba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774031991",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3d206ea-de08-4902-99b6-5a48fac38dad",
            "value": "057999f7fedb3339def3be576a2408a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028096",
            "to_ids": true,
            "type": "sha1",
            "uuid": "64b71ae5-d240-46b0-bc67-24f4ad722f9d",
            "value": "06f68ce5e68cf4b0ce04bb52105b90091b4b52d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028096",
            "to_ids": true,
            "type": "sha256",
            "uuid": "44558c50-d6c9-4c68-baf2-5e435bb94d24",
            "value": "9188830f1fd5165ab77c4d049fc922a3fba299c899e8b7a8535f30910a611ffe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026458",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f5d1876-6644-4f76-ace2-bad770469e02",
            "value": "1536:pQLLL4UMXAu5jNud4e1M6w1dvAYBS7p/BxUEZ0UYFXwuI:pe/KX57BepZxUEZ0UYFXo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026458",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2b416919-b6f7-4bce-9dd6-a86706ff593a",
            "value": "79059"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026458",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3f0e4cab-bbfa-4eb3-af50-9685347628af",
            "value": "21cde6509a9f8409eec3be88a5e5ee37"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026458",
            "to_ids": true,
            "type": "filename",
            "uuid": "be0ff020-99a3-48bf-9f42-bb15be7e89c3",
            "value": "winPEAS.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  04/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026458",
            "to_ids": false,
            "type": "text",
            "uuid": "77dc274b-c84d-4386-9a07-c868e8f9ad18",
            "value": "IoCs related to PARISITE\r\nType Description: Powershell\nMicrosoft: VirTool:PowerShell/Cajan.C\nVT Total Detection:29/62\nFirst Submission:2024-10-16T07:34:06.000000+00:00\nLast Submission:2025-10-24T11:38:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774032013",
        "uuid": "2ecd0444-f9e4-4e41-8b7c-304473275f82",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774032013",
            "to_ids": true,
            "type": "md5",
            "uuid": "d6ae752a-eb5a-4039-a68d-95df6c72960b",
            "value": "923cab44221fabd8f42dd00cc0701ac3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028098",
            "to_ids": true,
            "type": "sha1",
            "uuid": "548981e0-3836-4583-bbbc-df329d946a1c",
            "value": "3717505a61ad86b47ca05701784b2e0986fd587c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028098",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d465335-a921-4655-9b63-6332a61b3ca6",
            "value": "e6877594ba68125b85a56ac3c222b68d1fa0067f1e1117f58bd763aa077233ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026523",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a5f85970-11ad-4e76-ac65-46af05efb7de",
            "value": "24:2VZkIVepjxVeZfOwQpU6lBr8VWf7e0uB3MNmfvVRh9hl5toiK33OzM5fwnFco0wr:2zbepTexOwIU6l+Vy2SmXlx/UI1L3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026523",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "40645b93-7d4e-489b-9e92-fced29e40b7a",
            "value": "2090"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026523",
            "to_ids": true,
            "type": "filename",
            "uuid": "4a2996d9-4b21-4c9c-802b-c2ee33d2ba7e",
            "value": "TasFileNotFound404.aspx"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  07/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026523",
            "to_ids": false,
            "type": "text",
            "uuid": "59c40e4b-41d5-4058-afe8-c1c5e2a6dc35",
            "value": "IoCs related to PARISITE\r\nType Description: HTML\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/61\nFirst Submission:2024-10-06T13:12:07.000000+00:00\nLast Submission:2024-10-06T13:13:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774032035",
        "uuid": "dfb9a6a4-dc8d-4146-99f1-f78a5304a8dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774032035",
            "to_ids": true,
            "type": "md5",
            "uuid": "390e1251-af97-4e47-aa0e-8cf1f29e39ab",
            "value": "6445cddd5284516b192330a2805606de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028100",
            "to_ids": true,
            "type": "sha1",
            "uuid": "34b1c220-3f96-4764-b613-827039e287d6",
            "value": "e3b707f2479b1b9ceb14dadc9b96c94cac22c327",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028100",
            "to_ids": true,
            "type": "sha256",
            "uuid": "29bceebd-e12c-4dee-a9be-de863da38cd7",
            "value": "29441fac132411894c79577489274fce14e1cf9bf166a0a9a981d1a139f11af6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026567",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcd255b0-8255-4ed8-83c3-6f202c010102",
            "value": "98304:KpFs7wrZsiuIE3BUzQoH9SRgI1KcGuMUaXvtFRRWqt5rzFpl:Kpm7Gsf3BeGg/tfvtF7Wqt5r5D"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026567",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "940d12f6-d247-4e9e-97f8-35a387f8135d",
            "value": "11751424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026567",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1b1776a4-0ca3-4250-a582-9611793ab412",
            "value": "0170f6655d55551555757az2e!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026567",
            "to_ids": true,
            "type": "filename",
            "uuid": "4b5b3c72-6e0b-412e-a17f-9a712271688d",
            "value": "2025-12-26_6445cddd5284516b192330a2805606de_coinminer_dosia_frostygoop_ghostlocker_glassworm_knight_luca-stealer_poet-rat_quasar-rat_salatstealer_sliver_snatch"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  26/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026567",
            "to_ids": false,
            "type": "text",
            "uuid": "469ff044-27ab-4f3a-bab2-9a29dcb925f5",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:38/72\nFirst Submission:2024-11-25T08:36:07.000000+00:00\nLast Submission:2025-12-26T11:09:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774032056",
        "uuid": "ebb424d1-a3d1-4add-a463-d839c20a02e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774032056",
            "to_ids": true,
            "type": "md5",
            "uuid": "e4a8cdc2-702f-4398-baaa-e30d3b3fd35d",
            "value": "fe94c576b99dcc99b1c82fce00af97ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028103",
            "to_ids": true,
            "type": "sha1",
            "uuid": "24782c76-1ba0-4334-99fd-ab220ff2fb89",
            "value": "aea717754ba2ba8fb3981bb87837b150ab659023",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028103",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6d6ffe7e-b232-45dd-adc6-86ca83ba41ae",
            "value": "3e20143e3e6346e09009109c997e91ce135eafc20496a02b2d5bad4a0b2a823c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026660",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8bfcc14b-d832-4476-b904-abd4ce1d5a9b",
            "value": "98304:FNE2/fNpo5pemooOoC3iQ5Ao2oPOt6rv8TT5bNGcP/NT41ue+ROhNZkJKfyq1t4C:DE2/CemooOoyz5XPOv5svw1B6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026660",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1cc883cd-9c95-4ebd-ab89-fac3c729dc09",
            "value": "29527784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026660",
            "to_ids": true,
            "type": "vhash",
            "uuid": "143d8f57-74cd-4ece-b703-87559482de29",
            "value": "027096655d15551d15541az31!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026660",
            "to_ids": true,
            "type": "filename",
            "uuid": "fffee0e9-229a-4bf5-896b-7d3cb7e51ac0",
            "value": "ngrok.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  17/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026660",
            "to_ids": false,
            "type": "text",
            "uuid": "68278589-ee50-4e45-8721-add0cc35b538",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:22/72\nFirst Submission:2024-04-24T23:18:11.000000+00:00\nLast Submission:2025-10-22T21:27:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1774032077",
        "uuid": "ec144971-ace7-4046-9478-6980e55c6056",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1774032077",
            "to_ids": true,
            "type": "md5",
            "uuid": "310bf5f8-3cc2-4763-9919-62a63d95d203",
            "value": "e736229e890a138ccf7810e00a6bb50d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1774028105",
            "to_ids": true,
            "type": "sha1",
            "uuid": "edcd9b47-0d98-483b-b2f6-af8bf20515e0",
            "value": "10955a02ef3fd3f80f20062c401bf7960ff6ce94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "IoCs related to PARISITE",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1774028105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21f7cd95-e362-45a5-ae97-03d2ccb74fcc",
            "value": "17fb52476016677db5a93505c4a1c356984bc1f6a4456870f920ac90a7846180",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1774026769",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "801038c5-8bb2-403c-9140-d207fe13f81c",
            "value": "3072:N3OzejfU9BTm3NGw30IquiYo00T33rHiZ2S9k2pMmexQEf:lO6jsHmFpquwuZ2S9k3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1774026769",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b4cac26a-e2d6-45a4-8413-e7a06647b158",
            "value": "140800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1774026769",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ea18671a-8dc5-4edf-8241-cd5a67337945",
            "value": "015056655d155510907021z9003b2a5z27z42z4cfz"
          },
          {
            "category": "Payload delivery",
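            "comment": "Filename alone is a weak indicator: netpass.exe is also the usual name of NirSoft's Network Password Recovery utility. Correlate with the md5/sha1/sha256 attributes in this object before alerting.",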
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1774026769",
            "to_ids": true,
            "type": "filename",
            "uuid": "dbfb1539-8f09-4533-9c1e-353b0d5215f8",
            "value": "netpass.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 21/03/2026\nLast-scan\t:  20/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1774026769",
            "to_ids": false,
            "type": "text",
            "uuid": "72a6181b-bfa2-48a9-ba30-d7cd84b0065e",
            "value": "IoCs related to PARISITE\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:50/71\nFirst Submission:2024-01-16T19:00:37.000000+00:00\nLast Submission:2026-03-20T08:40:07.000000+00:00"
          }
        ]
      }
    ]
  }
}