{
  "Event": {
    "analysis": "1",
    "date": "2017-06-12",
    "extends_uuid": "",
    "info": "[Threat Intel] Industroyer: Biggest threat to industrial control systems since Stuxnet",
    "protected": false,
    "publish_timestamp": "1772419919",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772419917",
    "uuid": "3552e71b-675c-4291-afbf-8399ac6af719",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"ESET\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Industroyer\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Electric\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771858999",
        "to_ids": false,
        "type": "link",
        "uuid": "edf8f7a6-ac04-4acc-b1ab-0ba3b0cd0421",
        "value": "https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771858999",
        "to_ids": false,
        "type": "link",
        "uuid": "0718cbff-8c17-46e0-a0cd-7db128030a32",
        "value": "https://web-assets.esetstatic.com/wls/2017/06/Win32_Industroyer.pdf"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771860650",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "be542c6c-e20a-4422-991e-c0be851b730a",
        "value": "195.16.88.6",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771860671",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9518cfe1-1a8b-4ec2-b40f-87221abdecc6",
        "value": "46.28.200.132",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771860693",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3c6283af-1dee-4af1-91ba-1b2dcb7401b2",
        "value": "188.42.253.43",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771860714",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "99e34a7d-010f-4789-ad04-3170bc49f0a6",
        "value": "5.39.218.152",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771860735",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "94f572f8-5baa-4408-ad2f-632c2b38ab93",
        "value": "93.115.27.57",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771859027",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "b6a576f9-0bd9-4301-a3ff-5b63f40cf3a9",
        "value": "CVE-2015-5374"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860757",
        "uuid": "29bce238-2d0d-48b9-a3ce-0b9ccc6fa63c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860757",
            "to_ids": true,
            "type": "md5",
            "uuid": "d1e7d223-16f9-43a6-ba99-76aeb022c1cd",
            "value": "f67b65b9346ee75a26f491b70bf6091b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860637",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1ace82b5-6d6a-4525-b60d-5daed1998351",
            "value": "f6c21f8189ced6ae150f9ef2e82a3a57843b587d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860637",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8ee304ba-e930-4ac6-be62-bf8eda176b6f",
            "value": "37d54e3d5e8b838f366b9c202f75fa264611a12444e62ae759c31a0d041aa6e4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860424",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f914a030-426b-4873-930c-0df38a505d50",
            "value": "192:7YmE5zgvM3cGfjnhDVYPp6GSDyBESi3eiKxWvJCDpFnTZ0k:7YVgk3VjnFVRJp39GWJCDpFTZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860424",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "17c3f2e9-a16f-4b50-862a-34f4f521669c",
            "value": "10752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860424",
            "to_ids": true,
            "type": "vhash",
            "uuid": "79eca19f-9d5f-47ca-871d-2244fb26c451",
            "value": "014056551d055550d8z27hz2020102fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860424",
            "to_ids": true,
            "type": "filename",
            "uuid": "abe7673d-3714-411a-838e-936f9d28e2a3",
            "value": "2max4.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 11/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860424",
            "to_ids": false,
            "type": "text",
            "uuid": "9c5005ea-3f05-4061-9508-5d49c93d8ce4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:62/72\nFirst Submission:2016-12-20T09:21:17.000000+00:00\nLast Submission:2025-07-20T07:34:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860778",
        "uuid": "416f4ff2-627b-44dd-ab0b-80585afc9b32",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860778",
            "to_ids": true,
            "type": "md5",
            "uuid": "e15c50fb-419a-43a2-9ade-10476bc5c783",
            "value": "fc4fe1b933183c4c613d34ffdb5fe758",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860638",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b576063b-ed71-4522-9a7c-87dba74b5543",
            "value": "cccce62996d578b984984426a024d9b250237533",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860639",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6f8f011f-4061-4cf8-9f8a-7898b85a794a",
            "value": "6d707e647427f1ff4a7a9420188a8831f433ad8c5325dc8b8cc6fc5e7f1f6f47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a6ded8c9-025c-4c78-97ba-4499a71f05b0",
            "value": "192:JYmE5zgvM3cGfjntdYOapCGSDyBE+di3eKKxWvJCDpFnTZ0k:JYVgk3VjntdfhJ+03xGWJCDpFTZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4ffb87fc-f660-4ef0-8c5e-3eb27a154ab5",
            "value": "10752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860446",
            "to_ids": true,
            "type": "vhash",
            "uuid": "47185ed1-6c7a-47ba-90e7-4529eb28ae44",
            "value": "014056551d055550d8z27hz2020102fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860446",
            "to_ids": true,
            "type": "filename",
            "uuid": "8c5ae12c-a51c-40b3-a042-263dfe81f86a",
            "value": "3s3fef0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 11/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860446",
            "to_ids": false,
            "type": "text",
            "uuid": "3d418b18-5db9-4e30-8f8d-db17915ec7d4",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:53/72\nFirst Submission:2016-12-18T14:07:28.000000+00:00\nLast Submission:2024-09-26T13:11:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860799",
        "uuid": "65a2e9b5-7179-43f8-b2df-e6cea9132460",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860799",
            "to_ids": true,
            "type": "md5",
            "uuid": "0126c0af-5549-4c7d-a42a-1d6340461f46",
            "value": "11a67ff9ad6006bd44f08bcc125fb61e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860640",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d9fbf47b-b2f5-44d0-94e0-758fb8aa8b62",
            "value": "8e39eca1e48240c01ee570631ae8f0c9a9637187",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860640",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6ab26744-be90-4936-ab9b-1036dc7d745c",
            "value": "3e3ab9674142dec46ce389e9e759b6484e847f5c1e1fc682fc638fc837c13571",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860468",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e128e529-5a4a-4846-8adf-1281bf1a5a27",
            "value": "1536:65kQyQKkuX+tRahJBQknNpZj5OnBFAjzfNT36Akr8fMDQJ9sWm4CfcdIcNhBE1:65kQyQKkuX+tA7j5OBWHVTqJrrDwPCOu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860468",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d7cff4b9-4316-453a-b7cc-1010cb1ed8f0",
            "value": "88576"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860468",
            "to_ids": true,
            "type": "vhash",
            "uuid": "00b1c26e-074a-4d21-a3f8-804add16221f",
            "value": "084066655d151555619z58hz2020102fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860468",
            "to_ids": true,
            "type": "filename",
            "uuid": "b3ac92ca-bddb-46ff-ab95-457d940abf17",
            "value": "usw4eo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 06/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860468",
            "to_ids": false,
            "type": "text",
            "uuid": "6bafd0a2-a9f9-4e82-8598-7716fceeba5b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:62/72\nFirst Submission:2016-12-18T14:05:39.000000+00:00\nLast Submission:2025-06-23T02:41:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860821",
        "uuid": "2e00c328-3b97-422f-be00-00a45e9fb11e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860821",
            "to_ids": true,
            "type": "md5",
            "uuid": "528de137-6f08-4c38-8dee-01e8862a491a",
            "value": "ff69615e3a8d7ddcdc4b7bf94d6c7ffb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860641",
            "to_ids": true,
            "type": "sha1",
            "uuid": "988733a3-9dea-4cdf-8050-5e4f67a80de9",
            "value": "2cb8230281b86fa944d3043ae906016c8b5984d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860641",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0f1046f4-ed02-4801-ac4e-41944cda7f0a",
            "value": "ecaf150e087ddff0ec6463c92f7f6cca23cc4fd30fe34c10b3cb7c2a6d135c77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860490",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dc7f113a-60bf-46ff-9f9d-46d11fe707bf",
            "value": "1536:4mlzHdKCtCgl4DgBbAhSk/NOoBD+niVAjzfNT36WBrMf4QJKLsWhcdIyeGvm3VAN:4mVHdKCtCa9xCBD+iGHVTq2rPwKmIyI0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860490",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "46caf0c6-8e9c-4a52-ac02-5a7d4db8b9d8",
            "value": "89088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860490",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5565509d-a334-4df4-8e72-88ac7b680e04",
            "value": "084066655d151555619z58hz2020102fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860490",
            "to_ids": true,
            "type": "filename",
            "uuid": "7d26a970-88f7-4299-8d22-943b8271100f",
            "value": "cigjy0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860490",
            "to_ids": false,
            "type": "text",
            "uuid": "ad7bccd9-d7d3-44c0-9280-66361d1e2813",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:64/72\nFirst Submission:2016-12-18T14:08:21.000000+00:00\nLast Submission:2024-08-06T08:33:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860842",
        "uuid": "95d85a2c-9123-42bf-b7b9-0518ee9d138a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860842",
            "to_ids": true,
            "type": "md5",
            "uuid": "1e2375b6-57fb-4cd5-bf78-dec6d9b8b11b",
            "value": "f9005f8e9d9b854491eb2fbbd06a16e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860642",
            "to_ids": true,
            "type": "sha1",
            "uuid": "72114e5c-9d3a-48cb-bd23-c1bbcf09f62a",
            "value": "79ca89711cdaedb16b0ccccfdcfbd6aa7e57120a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860642",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3d30faa7-6d76-4090-b1b4-f380b73d2ff8",
            "value": "21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e53465c-5d5d-4259-87a8-bb3f31cfd80c",
            "value": "1536:1730kyqC5KnUjdA6j/WZW9UaBECv6lQJnCsW1wnLcd2AhNs6Qaw:dnUjKm+49UaCCkwvna2AhNsNT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "53da3cac-79b8-4e1e-86ea-2dfe61abccb7",
            "value": "74240"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860511",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d3871689-4095-4a61-9ce5-649bfd2be9f3",
            "value": "074066655d1515556038z51hz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860511",
            "to_ids": true,
            "type": "filename",
            "uuid": "793015ba-f06b-4c6f-97ea-677e9f8802ac",
            "value": "21c1fdd6cfd8ec3ffe3e922f944424b543643dbdab99fa731556f8805b0d5561.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860511",
            "to_ids": false,
            "type": "text",
            "uuid": "224ef43c-1258-425e-aa96-0134cd7706c6",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A\nVT Total Detection:60/72\nFirst Submission:2016-12-19T09:47:05.000000+00:00\nLast Submission:2025-12-15T13:19:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860863",
        "uuid": "a77c8f04-e137-4acd-9aae-7170edce0e6e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860863",
            "to_ids": true,
            "type": "md5",
            "uuid": "51a9079f-da86-41a6-a594-8758f572933b",
            "value": "a193184e61e34e2bc36289deaafdec37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860644",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e7f0233c-c866-4947-a8e5-533e3d19577d",
            "value": "94488f214b165512d2fc0438a581f5c9e3bd4d4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860644",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21bf398f-1c67-4105-b5bd-79055a41809e",
            "value": "7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860533",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f85322b6-2ead-469e-bcea-ccf087283a63",
            "value": "3072:McaprOfoaXmgD31r4VWBvRZoiTprUZNZ9VQ6s6W9:McuOJ2gD31QW51pgE6st9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860533",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8388dcd7-6929-45c3-8ac3-cd9b27f55187",
            "value": "136704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860533",
            "to_ids": true,
            "type": "vhash",
            "uuid": "824a645a-5ad6-45ed-9b25-7dead8ebe6e8",
            "value": "115066655d1515556az4dvza6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860533",
            "to_ids": true,
            "type": "filename",
            "uuid": "6cf8525c-7053-4427-be52-3259e2e2fd7f",
            "value": "fxrhgtw.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  20/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860533",
            "to_ids": false,
            "type": "text",
            "uuid": "25d7b2cf-8c38-4f74-8824-ef04b13cdf8f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/CrashOverride.A\nVT Total Detection:58/72\nFirst Submission:2016-12-19T10:06:04.000000+00:00\nLast Submission:2025-07-08T03:25:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860885",
        "uuid": "0997d587-a193-48b8-bc01-fae11cfcd062",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860885",
            "to_ids": true,
            "type": "md5",
            "uuid": "42248e84-b3f5-429c-8ec2-197782cec036",
            "value": "ab17f2b17c57b731cb930243589ab0cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860644",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4a1b85ac-7572-4f82-a5cb-deb5e7518d3b",
            "value": "5a5fafbc3fec8d36fd57b075ebf34119ba3bff04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860644",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6ebea474-9b25-4dd5-99d1-aa31dfdf8cd9",
            "value": "018eb62e174efdcdb3af011d34b0bf2284ed1a803718fba6edffe5bc0b446b81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860555",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ba7b063-56c0-410e-ba34-4988d1aa7766",
            "value": "1536:ipIv8wiD3kkZZpgq8QK8mfkCwbq4QY1sWfScdAUehZfh9UQ:kwPQ6MbtF3TAUehZZ9J"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860555",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "790822e8-b34f-4059-bfc0-b19099234c78",
            "value": "75776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860555",
            "to_ids": true,
            "type": "vhash",
            "uuid": "be8e727a-707a-4c33-a6b9-dc9b9a15fb9a",
            "value": "174066655d1515556048z4bbz15z21z1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860555",
            "to_ids": true,
            "type": "filename",
            "uuid": "beab9aa0-4686-4acf-828c-f60691f1547a",
            "value": "exkko.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860555",
            "to_ids": false,
            "type": "text",
            "uuid": "d2adb64a-3ed2-4552-b1eb-5011be02f759",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:61/72\nFirst Submission:2016-12-19T11:06:32.000000+00:00\nLast Submission:2024-05-08T00:31:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860907",
        "uuid": "5b70c0fd-5631-42b5-923f-8f8a982318e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860907",
            "to_ids": true,
            "type": "md5",
            "uuid": "0716b436-cdb8-40e2-869e-170c6b4a5ef1",
            "value": "7a7ace486dbb046f588331a08e869d58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860646",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cd34f23f-4856-46cc-919b-00ecc4b1bdd6",
            "value": "b92149f046f00bb69de329b8457d32c24726ee00",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860646",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8e6e1f2c-8086-45d7-91af-63048d69a267",
            "value": "ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860577",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5d08e46f-5342-46e2-a33b-871444f4ad91",
            "value": "1536:txjX3k9R4Bdde5eFN73+WmS3UJ64b69AQJRCsWmcd2jjGVjpU:jddewFVO1S3I64LwRg2jjGJK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860577",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "30fac197-1549-4675-8155-15ace2506442",
            "value": "76800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860577",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d98cf8dc-d021-4a3d-abc8-e0fc6ba03f9c",
            "value": "074066655d1515556048z49bz15z21z1ez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860577",
            "to_ids": true,
            "type": "filename",
            "uuid": "ece7bc9b-2c0e-4c58-b33a-7bfb9a4a9e81",
            "value": "625yo1.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  15/09/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860577",
            "to_ids": false,
            "type": "text",
            "uuid": "f5fa4a4d-f439-4a30-90d8-f27afb96c2e6",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:65/72\nFirst Submission:2016-12-19T09:58:43.000000+00:00\nLast Submission:2023-06-19T08:39:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771860929",
        "uuid": "927f1b4d-e16d-4ac0-9e5b-6c9f53ffc975",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771860929",
            "to_ids": true,
            "type": "md5",
            "uuid": "0d63cf9d-87bc-4ca4-9c5f-2e829bca55f0",
            "value": "497de9d388d23bf8ae7230d80652af69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771860647",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5894f5c8-adfb-42b7-8b8f-1c27e0e65074",
            "value": "b335163e6eb854df5e08e85026b2c3518891eda8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771860647",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b02263d1-9723-4ee2-ae08-efbddae061ac",
            "value": "893e4cca7fe58191d2f6722b383b5e8009d3885b5913dcd2e3577e5a763cdb3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771860598",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "50953c03-72f3-4481-a44d-e539711c2f29",
            "value": "3072:+vEcGwRrYeqmIJ2Frd5yTutsJB8C2W+yJE608XXRh+60m6UpSe5B4:I/nRM+I0FrCBF2WFuNle5O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771860598",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37fb2f75-967d-400d-92a5-daf9b44bf7ad",
            "value": "174080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771860598",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b6e8996c-f3d7-496a-94c9-29275a93e87f",
            "value": "01503e0f7d1019z6vz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771860598",
            "to_ids": true,
            "type": "filename",
            "uuid": "c1aec8fb-e0b3-4b60-bc7e-7b822628c54d",
            "value": "vef5dh.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771860598",
            "to_ids": false,
            "type": "text",
            "uuid": "216419dc-d4a9-4982-9f92-595ecf754a85",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A\nVT Total Detection:61/72\nFirst Submission:2016-12-20T21:05:22.000000+00:00\nLast Submission:2025-03-11T11:46:30.000000+00:00"
          }
        ]
      }
    ]
  }
}