{ "Event": { "analysis": "1", "date": "2026-04-17", "extends_uuid": "d42b2320-8712-4593-b764-e1bb241f8fa2", "info": "[Threat Intel] Iran-Linked PLC Exploitation Expands Across US Critical Infrastructure", "protected": false, "publish_timestamp": "1777816506", "published": true, "threat_level_id": "2", "timestamp": "1776767283", "uuid": "38ba8130-fab8-4e81-b65b-69b2ea90cb60", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"PolySwarm\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Electric\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Gas\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Oil\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Water\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT33\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"BANISHED KITTEN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Cyber Av3ngers\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"MuddyWater\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"OilRig\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1776731205", "to_ids": false, "type": "link", "uuid": "80328c11-158d-4a95-8089-546c20b8edc4", "value": "https://blog.polyswarm.io/iran-linked-plc-exploitation-expands-across-us-critical-infrastructure" }, { "category": "Payload delivery", "comment": "Refined Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735824", "to_ids": true, "type": "sha256", "uuid": "91eb509e-3075-46f2-9e4b-241b44b6c574", "value": "ea463dd003087dded83ab8483d43a6062bda20f934bd0291ee0ead0ff5c0f479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735826", "to_ids": true, "type": "sha256", "uuid": "645c45e3-59d5-47e9-9f70-df2bdac9784f", "value": "561d5036a1ecb3f12f2a0e9a439106b794993273f5775fe801717cd13ceb7631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735826", "to_ids": true, "type": "sha256", "uuid": "6792b084-e498-42a5-bcc7-7c40aac96645", "value": "d8b99e80f9f21e66aad6bcfed6322370838ffbfced2b61a3176071e4cbae8ee5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735827", "to_ids": true, "type": "sha256", "uuid": "46bc21a8-59c5-4a92-80fc-d92c0f21763c", "value": "fbd3502ae51ab7d70fd2908e218588adc3818752cf3150bbd75fd1623ad18aa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735827", "to_ids": true, "type": "sha256", "uuid": "0f1fc42e-c0ba-474a-abfd-b23377b4a6a8", "value": "bbf576ed1837e891ca6822baaadba6e2dfd6f27decea7c4ce1fa19637bd9c18c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten No sample in VT\r\nLast check:21/04/2026", "deleted": false, "disable_correlation": false, "timestamp": "1776735828", "to_ids": true, "type": "sha256", "uuid": "378d8841-c281-40d1-bf75-0e782c719283", "value": "b004bbed136b5adb575f168abec41ea78764c74d195ba2ffc0adc11f0bd5d6b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736350", "uuid": "facf8e8e-7aca-493d-8d31-73eb6cb8c1fe", "Attribute": [ { "category": "Payload delivery", "comment": "CyberAv3ngers", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736350", "to_ids": true, "type": "md5", "uuid": "6ee421a7-cdf9-42fd-bec4-d7c201ae22db", "value": "c92e2655d115368f92e7b7de5803b7bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CyberAv3ngers", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735740", "to_ids": true, "type": "sha1", "uuid": "7432c94d-269b-4809-8e2d-2fea7da1ee8a", "value": "366e435a1ea0f597deb6ebe7c0c5acdb6e8b33eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CyberAv3ngers", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735740", "to_ids": true, "type": "sha256", "uuid": "84e25dc8-388e-4cd8-98f5-51e546833888", "value": "1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733743", "to_ids": true, "type": "ssdeep", "uuid": "437e43be-5fe5-4cac-b1af-956f66342d7d", "value": "384:PTlCwsCROIIuZkdKIf5C+UCOP32ZU4UKa:4wsCR010C832ZHUKa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733743", "to_ids": false, "type": "size-in-bytes", "uuid": "668fc493-2021-4d1e-b9dc-957fd7593764", "value": "16208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733743", "to_ids": true, "type": "vhash", "uuid": "7e3b1611-033a-4e38-8d60-afb0bc5ddeb3", "value": "11514985d20f0caa4891de35605a94af" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733743", "to_ids": true, "type": "filename", "uuid": "6e099b82-ce96-4cf3-9a4d-793cd726e75e", "value": "c92e2655d115368f92e7b7de5803b7bc___679136bd-a11b-4be5-9479-afbbddcf1aab.elf" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 30/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733743", "to_ids": false, "type": "text", "uuid": "d059f928-a9fd-4b1c-8a25-9a987d778971", "value": "CyberAv3ngers\r\nType Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:33/63\nFirst Submission:2024-01-17T14:33:07.000000+00:00\nLast Submission:2026-02-28T06:55:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736371", "uuid": "598cbd58-930a-42f6-8a80-f9de6f024e63", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736371", "to_ids": true, "type": "md5", "uuid": "703fef25-0943-4ea2-a4c9-b5553aac5c7d", "value": "9682d3aa009c3f83207e72e6fb45b54e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735742", "to_ids": true, "type": "sha1", "uuid": "df3cc3e8-cb0e-4bfa-b177-1a46dfa1e4c6", "value": "878166c2fcb8ef8c0307802c6bedb9e4a40f2edf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735742", "to_ids": true, "type": "sha256", "uuid": "a51e1e0b-0f7c-4172-a019-744cc2bd66d7", "value": "fe7de7efcee88532e66c6fb8c065c986aaa7fa3793ed03a296ff1c76edffc250", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733765", "to_ids": true, "type": "ssdeep", "uuid": "5c9eed98-3c69-4cba-9255-a61bc1c8f606", "value": "49152:e4f249KYXNcfOF7VzTaxth4kx1RLQXEag/Y/Iq3tZDb2XDhsq1sxLDrPVkrWH:e4f24YYdcfOFZextzRPY/hth2TG+WH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733765", "to_ids": false, "type": "size-in-bytes", "uuid": "0c34a15b-bf1a-4f4f-9409-71405b0bd912", "value": "6782976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733765", "to_ids": true, "type": "vhash", "uuid": "53a24323-108c-4273-9899-d0dcf839c991", "value": "fe43cc098163d8fb4f1b2b088de0949b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733765", "to_ids": true, "type": "filename", "uuid": "997841df-327a-4c82-ab98-b720adccb69f", "value": "~DFBE95312D348975CD.TMP" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733765", "to_ids": false, "type": "text", "uuid": "d1754983-74e0-443a-9e27-c7166f8ec7b6", "value": "Static Kitten\r\nType Description: MS Excel Spreadsheet\nMicrosoft: None\nVT Total Detection:4/63\nFirst Submission:2026-04-06T18:57:49.000000+00:00\nLast Submission:2026-04-06T18:57:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736392", "uuid": "ed9e4cc8-e123-4c5b-9e5d-8d1c1b005e08", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736392", "to_ids": true, "type": "md5", "uuid": "ae15ce80-b385-4f03-913d-551c5601cc79", "value": "4de5eb117906fafeefcd4152b5a27c74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735743", "to_ids": true, "type": "sha1", "uuid": "e107c556-24cd-4216-ac71-49bb2a83edb7", "value": "b7546f4d2177c35012b5c4b0c187e15ca734112c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735743", "to_ids": true, "type": "sha256", "uuid": "afcfb4cd-54c7-46d3-a5d6-dadeffa3390e", "value": "deb3ebba2541fa7de3d6262bf8a757f35128a028d02ccbf4ee33a2496d25b9c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733786", "to_ids": true, "type": "ssdeep", "uuid": "4c801543-e801-43b7-9ff7-b415ee83cac8", "value": "12288:5Z4E9Balg/mvOjQbzMciDUWslG+y2e1KpOkSNuy0zbMDlaN:3eVLbMDg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733787", "to_ids": false, "type": "size-in-bytes", "uuid": "fcba11b3-5a33-4a95-b150-4be66883e174", "value": "734720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733787", "to_ids": true, "type": "vhash", "uuid": "d6d15b85-6a3e-4725-882b-1c6892634224", "value": "075046655d555bzd#z1a1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733787", "to_ids": true, "type": "filename", "uuid": "8db58885-bb39-43e6-b940-c7505571bca2", "value": "run.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733787", "to_ids": false, "type": "text", "uuid": "b5274e8e-657c-423b-ab9b-ba1e457ed593", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2015-01-18T20:32:22.000000+00:00\nLast Submission:2026-01-01T14:49:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736414", "uuid": "77658718-da96-43e8-b463-45077d75e52b", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736414", "to_ids": true, "type": "md5", "uuid": "cd49a718-47ee-4970-93ab-a890538028cc", "value": "720c23e7d1df917bfcd02e80dde83dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735744", "to_ids": true, "type": "sha1", "uuid": "dfb51ba8-4adf-446f-aef3-4081e7555362", "value": "c9d9a4fb63a9785c5d57da72246873c57629024f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735745", "to_ids": true, "type": "sha256", "uuid": "b505a90a-fc3a-4d8b-adaa-04f3a11d3b46", "value": "46a56ffbe3a8378bf48be43434a41b064aa66e9c33ccf3b4fb6841e8316c7f4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733809", "to_ids": true, "type": "ssdeep", "uuid": "d8ed5544-3e89-42ef-b084-2a9ea7648641", "value": "384:VlmOGS0aXt+BaljOkLSaPaneBCQoZVIguggL2R6mVC+lxqo:7mOGS0alOkLSaPan0Cn3z8mVCOxqo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733809", "to_ids": false, "type": "size-in-bytes", "uuid": "5ce96b42-e2b3-486a-9668-bf6a1584c128", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733809", "to_ids": true, "type": "vhash", "uuid": "d558746c-3369-4b3e-a272-26816c3b5876", "value": "024046655d555az2b#z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733809", "to_ids": true, "type": "filename", "uuid": "77c9c028-a3a6-4815-b07a-c16a03b6553e", "value": "aws.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733809", "to_ids": false, "type": "text", "uuid": "384bbd50-9d37-4087-bb61-aec5e5075e29", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2026-03-25T08:22:37.000000+00:00\nLast Submission:2026-03-25T08:22:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736435", "uuid": "5f5b246b-bf67-438b-aac6-e96b4be3561d", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736435", "to_ids": true, "type": "md5", "uuid": "6739c86f-b093-464c-8b53-f2c817d00677", "value": "1ba4e02d6fda8c4a7ebee5a0a5af9bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735745", "to_ids": true, "type": "sha1", "uuid": "362a4616-f3e8-4220-8d9e-22f221fb38f9", "value": "015cc15e94a4bc437c91b5ad0dd090cbe80d54b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735745", "to_ids": true, "type": "sha256", "uuid": "c9c09d2b-0dbd-4e8e-afe4-ef65291339c0", "value": "13a389493c157668d969585706c364dce8cac6ee6a01a6165950ef03b70fa87b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733831", "to_ids": true, "type": "ssdeep", "uuid": "d9ffcb3d-4077-4c5a-b847-4f0e8a76ab21", "value": "384:VlmOGS0aXt+BaljOkLSaPaneBCQoZVIguggL2R6mcz/qxdE:7mOGS0alOkLSaPan0Cn3z8mczSxdE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733831", "to_ids": false, "type": "size-in-bytes", "uuid": "11b28887-1aa5-4ea5-af9a-1d84d9328dfe", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733831", "to_ids": true, "type": "vhash", "uuid": "772d1113-2911-4632-a161-4b7ce8339696", "value": "024046655d555az2b#z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733831", "to_ids": true, "type": "filename", "uuid": "11cb960d-4e01-4733-b6f6-6406fe1c8969", "value": "aws.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733831", "to_ids": false, "type": "text", "uuid": "a37f7463-d9fa-4331-a7da-50e6b50e46b7", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2026-03-25T08:05:27.000000+00:00\nLast Submission:2026-03-25T08:05:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736456", "uuid": "f9b2e29d-b31d-498f-b8fd-824cd5923756", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736456", "to_ids": true, "type": "md5", "uuid": "1874031d-680d-4496-91b0-8939d33619c4", "value": "0e7cafcc1b26670bb8e867cf2bbac731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735746", "to_ids": true, "type": "sha1", "uuid": "9e332ff6-43ff-4ce8-a09d-f9f044e38b9f", "value": "f70526aff8317030b9d4861b6d5450f85a32548f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735746", "to_ids": true, "type": "sha256", "uuid": "a10b436f-4d6b-4ab3-b267-910a381f22e2", "value": "48f11abab3b6bff988f473f0c5d9f4ee892a3e850873d981b77ed7eca0fec598", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733853", "to_ids": true, "type": "ssdeep", "uuid": "09fce7e3-bfe9-4812-8848-8455689952ff", "value": "384:VlmOGS0aXt+BaljOkLSaPaneBCQoZVIguggL2R6mlCuVxTG:7mOGS0alOkLSaPan0Cn3z8mlCuxTG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733853", "to_ids": false, "type": "size-in-bytes", "uuid": "accc9a06-a5fb-4d1f-a35f-332350ddbaf8", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733853", "to_ids": true, "type": "vhash", "uuid": "9f1df677-635e-4576-bb0a-6449dba99a56", "value": "024046655d555az2b#z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733853", "to_ids": true, "type": "filename", "uuid": "dffb6dab-53bd-4197-96c6-57e22d05789a", "value": "aws.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733853", "to_ids": false, "type": "text", "uuid": "18098d7a-ef1e-4e02-a351-52177bc91e01", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2026-03-25T08:46:54.000000+00:00\nLast Submission:2026-03-25T08:46:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736477", "uuid": "ae7c4075-e4fb-4073-8302-10153d6fc3de", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736477", "to_ids": true, "type": "md5", "uuid": "cfd50587-c3c0-4020-8e42-c00961b1af5b", "value": "dbcda18f389fd40c3bbad8031559d6b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735747", "to_ids": true, "type": "sha1", "uuid": "a4fb876c-53a2-4bc4-9297-988543ac8436", "value": "42878d65ec969846b8b50f4fd2f2635b202c2df1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735748", "to_ids": true, "type": "sha256", "uuid": "798ef8ee-08ab-4127-ab00-d96ea460d683", "value": "eaeb5d35b72124f26d737fcc7b6e1632a6fdfc255c7c697670a09ffd248f1fee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733875", "to_ids": true, "type": "ssdeep", "uuid": "66cf63a9-8a2e-4643-8bc0-9cad9bf5d9c5", "value": "196608:QFr2bGXDhLz9k+DxYf+ESb5bNJWYWH+0LwaCS6n7JTKAnMPP9Tigf1N4LIGWTxxr:OrYm1RpNY2JWYWha7KoMHEgfALIlj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733875", "to_ids": false, "type": "size-in-bytes", "uuid": "9a0749f5-0af4-4759-960e-b6f4fe8994db", "value": "11657855" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733875", "to_ids": false, "type": "text", "uuid": "d45d1bd7-51b5-433d-8ba4-46a03c7c6668", "value": "Static Kitten\r\nType Description: CAB\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2026-03-25T08:27:31.000000+00:00\nLast Submission:2026-03-25T08:27:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736499", "uuid": "363b766e-ff23-4c5f-8da1-6177759fa41b", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736499", "to_ids": true, "type": "md5", "uuid": "81b5f3b7-0171-4ac1-9e48-0ae1098b87cf", "value": "2bfc48d69eb4da4a19c64c2a16ecf7ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735749", "to_ids": true, "type": "sha1", "uuid": "b2ddf1c2-d6f2-49e5-b273-81c21f07bbb0", "value": "1026589ed92913e16d11ee6785cdcf9f812ff1ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735749", "to_ids": true, "type": "sha256", "uuid": "572693f4-a1b4-481d-956d-caa00a2a3f6e", "value": "831904199944bc80db1607fea03a4b43790bfe712ca60773c2c74d5153ced561", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733897", "to_ids": true, "type": "ssdeep", "uuid": "b0ced143-e5d6-46c4-94ff-449dc9c07415", "value": "196608:wCv8om4CzXObPQYw6YCAg8fmq0NTxT0NxPLNRswhjhQfGKz9oC6be9Xg36x:tvmbjObIIYCKOPr0NFL1hE5f9XgKx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733897", "to_ids": false, "type": "size-in-bytes", "uuid": "b844f87b-e6a0-40c1-8fa3-95069d9d4369", "value": "10495352" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733897", "to_ids": false, "type": "text", "uuid": "63c50709-57b3-4b2d-b1d3-6e6096398e46", "value": "Static Kitten\r\nType Description: CAB\nMicrosoft: None\nVT Total Detection:11/63\nFirst Submission:2026-03-08T07:15:03.000000+00:00\nLast Submission:2026-03-08T07:15:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736520", "uuid": "c71af914-59d7-4b3e-ae75-f76d456f010c", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736520", "to_ids": true, "type": "md5", "uuid": "35ab5cc6-5055-4714-9c01-a6d3b812e5f4", "value": "7657e26b2dd921f4e2f84ab0bc0eb01c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735750", "to_ids": true, "type": "sha1", "uuid": "16a29429-1988-4be7-9d33-ee4dc2be9fd6", "value": "c55a8411b845b04e0706afe85102bd171cb560cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735750", "to_ids": true, "type": "sha256", "uuid": "9174ef31-6495-427f-b5be-c01fbbe5c123", "value": "139b32bd5f3372766f2448313d7b04c7813fee428f80988da918c971f441cf78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733918", "to_ids": true, "type": "ssdeep", "uuid": "2b0682d6-005f-4486-9a44-4d9a34866bc6", "value": "24:gLwkM8xa00e/PQPKC2gDqB4i1aGFDPQ1NWgGfzfwagbjJpHP06:hkyGAP3HBGGHWgG7fjgbjvvb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733918", "to_ids": false, "type": "size-in-bytes", "uuid": "d6cba4ae-5b9c-4fee-a46d-7602755b6a4c", "value": "1015" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733918", "to_ids": true, "type": "vhash", "uuid": "06376185-f991-4329-bc90-c4b556df6db5", "value": "d4bd9d43793a7d9fcd08729453d7c016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733918", "to_ids": true, "type": "filename", "uuid": "c6df5246-4b2d-43f3-9721-d29562b896b4", "value": "1.ps1" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733918", "to_ids": false, "type": "text", "uuid": "6af31719-f0a7-461a-a85e-05b8ef7af573", "value": "Static Kitten\r\nType Description: Powershell\nMicrosoft: None\nVT Total Detection:8/63\nFirst Submission:2025-09-23T15:20:50.000000+00:00\nLast Submission:2025-09-23T15:20:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736541", "uuid": "6313a66c-ee21-4da3-878e-dc048d741e70", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736541", "to_ids": true, "type": "md5", "uuid": "5e9269d1-7867-4774-b6f8-2728b8989845", "value": "347925639ea8dd57ae1dc74b90e8b41b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735751", "to_ids": true, "type": "sha1", "uuid": "24cca4e9-a890-45d4-941d-66509c663adb", "value": "5db1b3f7e56b0ab0b2b0ce2fd3afb6a01bc56347", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735752", "to_ids": true, "type": "sha256", "uuid": "de2c65b6-4f41-4010-ae40-61e28b9866a6", "value": "97ec5014671dfdd6262812205b2130fcc8ff329c96f2907be86f7c2f3b721c3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733940", "to_ids": true, "type": "ssdeep", "uuid": "fa5c4908-f8f5-4cd2-8076-4c0e8a7e91a4", "value": "49152:n4fC49KYXNcfOF7VzTaxth4kx1RLQXEag/Y/Iq3tZDb2XDhsq1sxLDrPVkrW3:n4fC4YYdcfOFZextzRPY/hth2TG+W3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733940", "to_ids": false, "type": "size-in-bytes", "uuid": "993b5b1e-63cb-45f4-82e1-639d8abe0c1e", "value": "6782976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733940", "to_ids": true, "type": "vhash", "uuid": "c0cd983e-5906-43a0-a2e5-efe01900593c", "value": "322e468b741a308bc3dba543aca167cf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733940", "to_ids": true, "type": "filename", "uuid": "6bdce7da-05a1-4c75-9011-a7fd2f544493", "value": "~DFE112643895108D77.TMP" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733940", "to_ids": false, "type": "text", "uuid": "cc7782e9-2660-4cad-b2fd-cf32474f7677", "value": "Static Kitten\r\nType Description: MS Excel Spreadsheet\nMicrosoft: None\nVT Total Detection:3/63\nFirst Submission:2026-03-04T13:40:12.000000+00:00\nLast Submission:2026-03-04T13:40:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736562", "uuid": "a43d8f06-0e1a-4d19-93b5-b31ba1ab9e70", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736562", "to_ids": true, "type": "md5", "uuid": "6f421c59-6d90-4ddf-9da2-8e4e5585aa38", "value": "7f3c8a7fe78d3d05b6022df3ea0c15fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735752", "to_ids": true, "type": "sha1", "uuid": "ad5f5d30-f26f-4265-aa16-746e5b801d1c", "value": "0ba2306ec15f7124fafc7615e81f34c7986ba9a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735752", "to_ids": true, "type": "sha256", "uuid": "41349f69-e2c2-4b8f-87eb-a6a6a66d8989", "value": "a92d28f1d32e3a9ab7c3691f8bfca8f7586bb0666adbba47eab3e1a8faf7ecc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733962", "to_ids": true, "type": "ssdeep", "uuid": "463ca8a6-0685-49ed-965a-8f8171de1c26", "value": "3072:eLSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:eWVplAnrYBdYRBZmxaqla" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733962", "to_ids": false, "type": "size-in-bytes", "uuid": "0e250c5a-71ba-43c9-b246-d8b31adfc316", "value": "307656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776733962", "to_ids": true, "type": "vhash", "uuid": "ef946380-974d-4547-a1d5-86bec2efdda7", "value": "035056655d15156018z4fhz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776733962", "to_ids": true, "type": "filename", "uuid": "2b76357d-22e5-4e77-8026-f0de1e82a6bb", "value": "DIDS.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 16/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733962", "to_ids": false, "type": "text", "uuid": "9dbeecf5-48b1-48c7-9eab-2d17eded2a89", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:49/72\nFirst Submission:2026-03-03T06:35:22.000000+00:00\nLast Submission:2026-04-06T15:49:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736583", "uuid": "2a20853b-a013-4fc9-9c70-60e4b79e56dc", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736583", "to_ids": true, "type": "md5", "uuid": "d689e314-c812-4218-80a0-f08fded03579", "value": "3720b84c196b7dd9efd81edbe9a9f116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735754", "to_ids": true, "type": "sha1", "uuid": "f00cba80-bdb4-4594-a596-a16db118f4f3", "value": "89a98a98af3c7ffa932da7ddeac6c750e4889b79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735754", "to_ids": true, "type": "sha256", "uuid": "97114639-386d-42f9-a7fe-576af8dc0514", "value": "5cd94a1f0290624c2454ab7fde5e9a120a9d52cbb9e14a844aada31f488dc886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776733983", "to_ids": true, "type": "ssdeep", "uuid": "ead424d1-0db5-4297-9213-69490909cb56", "value": "196608:HNGD6jJdpuA+m0Ih5bNJWubP/xh722MuMKoLZSyIy8hYQKYut5Y5MSFlYAs6W:tZjhuAN0IRJWuV1FfoLZSyneBKYut5Y+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776733983", "to_ids": false, "type": "size-in-bytes", "uuid": "e237a4db-c47f-43a9-9c5e-a88c9f5b8730", "value": "10843030" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776733983", "to_ids": false, "type": "text", "uuid": "c6db9e1a-7dba-4ef7-a481-814aa9fad253", "value": "Static Kitten\r\nType Description: CAB\nMicrosoft: None\nVT Total Detection:2/62\nFirst Submission:2026-02-06T11:37:38.000000+00:00\nLast Submission:2026-02-06T11:37:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736604", "uuid": "f82c478b-48fa-4004-bf99-91955c33511f", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736604", "to_ids": true, "type": "md5", "uuid": "a3f93592-5b27-4fea-a3ae-1f68b061f51f", "value": "423c6d3c34b2747255343c32ad644622", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735755", "to_ids": true, "type": "sha1", "uuid": "640faf17-3b24-495a-b078-aff93581023c", "value": "f62ce37ed98f4a8d2fcb54c5d7e8d969c7fa4d76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735755", "to_ids": true, "type": "sha256", "uuid": "880c348f-8b2a-4090-b814-ea6a8495f362", "value": "d56dbd5cf5a1012021be97c337dad8d14e510c0d24d4bdb1fe3540c57b62e834", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734005", "to_ids": true, "type": "ssdeep", "uuid": "4e881d07-37eb-4977-a3f9-59aef2f12d6f", "value": "384:VlmOGS0aXt+BaljOkLSaPaneBCQoZVIguggL2R6GYtFUxGC:7mOGS0alOkLSaPan0Cn3z8GYtSxGC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734005", "to_ids": false, "type": "size-in-bytes", "uuid": "df811934-4395-4776-b326-adedeb167ffa", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734005", "to_ids": true, "type": "vhash", "uuid": "38dc3c98-91bd-485c-9a2f-08dcee0dd69f", "value": "024046655d555az2b#z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734005", "to_ids": true, "type": "filename", "uuid": "6a1ef179-187f-44f7-b98a-6340fb4b9c92", "value": "aws.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734005", "to_ids": false, "type": "text", "uuid": "1266dd58-fe4c-4c8a-a247-2024c35fe6cd", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2026-02-05T20:03:19.000000+00:00\nLast Submission:2026-02-05T20:03:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736626", "uuid": "de77a06d-bc39-4200-9558-86e9dd799e4c", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736626", "to_ids": true, "type": "md5", "uuid": "db75553b-f671-4c32-b603-d3640c27fba7", "value": "2cfb511a0c24604da5aced99f3846fe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735755", "to_ids": true, "type": "sha1", "uuid": "fea3f8a9-f577-434d-a672-839a45425731", "value": "060e100ceeaa6c2256abfef3873e9acf5567fdb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735756", "to_ids": true, "type": "sha256", "uuid": "9452dc16-5f0c-4d84-bfcf-b275e0a349e9", "value": "b5484990d162391159926dd46e1fd110b75030367a50c828d5756ae4a99f1895", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734027", "to_ids": true, "type": "ssdeep", "uuid": "63c9ed5b-d277-4568-bd9a-7eebc3803b70", "value": "384:VlmOGS0aXt+BaljOkLSaPaneBCQoZVIguggL2R6GpkKlx2I:7mOGS0alOkLSaPan0Cn3z8GpkIx2I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734027", "to_ids": false, "type": "size-in-bytes", "uuid": "f648877c-ecbc-4144-a621-55db68cd6e76", "value": "21504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734027", "to_ids": true, "type": "vhash", "uuid": "1e78d058-f81c-480d-b833-45c63c1996a1", "value": "024046655d555az2b#z2e1z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734027", "to_ids": true, "type": "filename", "uuid": "2f429099-a5a9-4a79-8678-5909f1e35b1a", "value": "aws.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734027", "to_ids": false, "type": "text", "uuid": "04d0424e-b1e0-4592-84cc-5f2d941aa2f4", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:2/72\nFirst Submission:2026-02-05T20:20:40.000000+00:00\nLast Submission:2026-02-05T20:20:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736647", "uuid": "2313dc6d-42e7-4f62-97e7-d2a9f30f8a21", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736647", "to_ids": true, "type": "md5", "uuid": "f42b74f4-2464-4e3d-ba75-018ae267538d", "value": "84bc661467d39232aaa4f3049edcff48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735757", "to_ids": true, "type": "sha1", "uuid": "b99126b7-9046-411b-b3d4-9009d928d5c4", "value": "f7990c360e8312d171e536c363eb3486bce1fc15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735757", "to_ids": true, "type": "sha256", "uuid": "56162a5c-4d18-491d-ab08-4385b66c1f57", "value": "c0ed55e49249f4ef51c4c26f389f88a3d09fb8f3d850469ae1b0825c6d420571", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734050", "to_ids": true, "type": "ssdeep", "uuid": "ccb19cd1-5613-46ea-820e-523cb25c6f42", "value": "1536:Yn3LmZw1r9stKW3OCucRziwW8VmHuD9ITZtsWM3cde4I5DOl5:YbmZQr9sKW3w0iwPkuD9ITTe4I5Kl5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734050", "to_ids": false, "type": "size-in-bytes", "uuid": "f452fdb4-9cee-4b11-bf9b-7c1987db0e0c", "value": "97792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734050", "to_ids": true, "type": "vhash", "uuid": "73a7a9e4-9d10-4b15-9574-6fb8403daf86", "value": "1940566d5d15556az49=z79" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734050", "to_ids": true, "type": "filename", "uuid": "66c08664-0614-4181-a2f9-b64b9daa8e3a", "value": "lfsa0.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734050", "to_ids": false, "type": "text", "uuid": "60bfef77-3024-4196-b79e-35b75dfccf3c", "value": "Static Kitten\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:46/72\nFirst Submission:2025-12-23T10:39:29.000000+00:00\nLast Submission:2025-12-23T10:39:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736668", "uuid": "81b9d50f-f0e4-446c-bb41-a2737261b931", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736668", "to_ids": true, "type": "md5", "uuid": "fd30f82d-3869-424c-b7cb-af0dedb43ea6", "value": "a376f01c72469b6921bd26240e5ee364", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735758", "to_ids": true, "type": "sha1", "uuid": "1aaf1398-96bf-4451-b8cc-0fdb86c13b42", "value": "fbd47e2d8caf6b9ddff322e4da2662a092545e53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735758", "to_ids": true, "type": "sha256", "uuid": "a246c44e-337f-499b-aaab-d6bf6d94f7fc", "value": "c0b42595868cef57dd5bdce14ea234ceec7a971316fe57f3732a2430757e731e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734071", "to_ids": true, "type": "ssdeep", "uuid": "3a8e61af-175b-4bad-83cb-aec75d73e349", "value": "98304:3z29aTwa0f84sZKfm6ncxUNBA3NlxVH7Xvl6Wk4F2BY28cs5KY:3zZFKuAcxUjshrkIqyNKY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734071", "to_ids": false, "type": "size-in-bytes", "uuid": "aeb84489-47fd-412e-ac0b-4e333ec9ecd1", "value": "10099343" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734071", "to_ids": true, "type": "vhash", "uuid": "75fc8acc-d406-46c1-baef-ac77a87be8a8", "value": "0170ae06751d15551d0500b8z63nzcfz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734071", "to_ids": true, "type": "filename", "uuid": "d169747a-e867-415e-a9b4-a6f903057ff0", "value": "steam.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734071", "to_ids": false, "type": "text", "uuid": "eac1f62c-c401-4936-9f18-171c090f38e0", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:41/72\nFirst Submission:2025-12-10T04:08:23.000000+00:00\nLast Submission:2025-12-10T04:08:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736689", "uuid": "9b5d64a0-f7f2-4f06-8547-9724850de435", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736689", "to_ids": true, "type": "md5", "uuid": "6d50f7cd-7f3e-4801-9cb3-69da601f13d7", "value": "86c3fc156362842440bd246a60a4acaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735760", "to_ids": true, "type": "sha1", "uuid": "91e35f84-2d5d-4037-bf14-305c3c282f96", "value": "814c1276fbe409ab6cce2ecd12021551979e6ae0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735760", "to_ids": true, "type": "sha256", "uuid": "edb1aceb-1736-4fba-a550-dfe17d7ad41b", "value": "dfca5bc52cd1f08220bb45efdcfb68a9672f20dcf4c1ed542f7f055e8d4e2887", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734093", "to_ids": true, "type": "ssdeep", "uuid": "3b17a55e-7b44-47fe-9e57-a9c77d337978", "value": "12288:tBsBfzwiOOH1BID1jqKjrHg78abQVnKC4ctAgk1Tw:nmrlnH12qKjrAYlVnKC4Dj9w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734093", "to_ids": false, "type": "size-in-bytes", "uuid": "cc2d3a29-dff3-45c2-b9f0-32fc638bdf6a", "value": "657136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734093", "to_ids": true, "type": "vhash", "uuid": "f12e3653-bcab-47ea-8ce9-634aa9ad488a", "value": "065066657d1555555az4a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734093", "to_ids": true, "type": "filename", "uuid": "836da52f-41ad-48c4-bbc9-d1ef4ac32d2b", "value": "3dsopzd9z.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734093", "to_ids": false, "type": "text", "uuid": "47652293-eb97-4f29-b493-c614ed2f5343", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DA!MTB\nVT Total Detection:49/72\nFirst Submission:2025-12-09T19:25:29.000000+00:00\nLast Submission:2025-12-09T19:25:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736710", "uuid": "c52b2a14-1bda-49d2-af52-af6156764ba5", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736710", "to_ids": true, "type": "md5", "uuid": "269ed76d-f120-4b6c-a43f-35ba825af96e", "value": "007fa40cc1391f69cfa470b41b98a5d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735760", "to_ids": true, "type": "sha1", "uuid": "f49476ff-344d-4e59-89a0-d9aca53319a8", "value": "2d7fb4efb45a54d62c44a00787daeafbc64eb470", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735761", "to_ids": true, "type": "sha256", "uuid": "b3488e6e-fd03-41db-88db-ed9bb70a7be8", "value": "812a928d73fd076f0920a9dd80c54cb6a7c0185b97576a0d9d7ff66d0a53f7c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734115", "to_ids": true, "type": "ssdeep", "uuid": "06145ecb-285e-4abd-a1e7-7dfb6cc92576", "value": "12288:jBsBfnwiOOH1BID1jqKjrHg78abQVnKC4ctAgk14:Nm/lnH12qKjrAYlVnKC4Dju" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734115", "to_ids": false, "type": "size-in-bytes", "uuid": "a9ae1b0d-1ebd-4cda-82f7-e8f5db04d43e", "value": "657136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734115", "to_ids": true, "type": "vhash", "uuid": "e43e0eb7-36e2-48af-8850-c8cc26ae8881", "value": "065066657d1555555az4a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734115", "to_ids": true, "type": "filename", "uuid": "3a5c5d47-09d7-4593-a591-e6c47508aabc", "value": "x7i3nq4g.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734115", "to_ids": false, "type": "text", "uuid": "b860e37b-d37d-4aa6-b61b-ec2ef4514f4b", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/MuddyWater.DA!MTB\nVT Total Detection:50/72\nFirst Submission:2025-12-09T19:10:06.000000+00:00\nLast Submission:2025-12-09T19:10:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736732", "uuid": "6b28dd5b-775e-4f54-98d2-2d50969efbc2", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736732", "to_ids": true, "type": "md5", "uuid": "5008f2c7-2d7f-463c-8328-ae79c591aeaf", "value": "2d6bbb8a6e7eb0d6db13a15af365ea96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735762", "to_ids": true, "type": "sha1", "uuid": "9aa7c780-634d-459b-bf80-ea7d1748291e", "value": "f96ca66d7d785d9d35fadb1f2054514244a30f81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735762", "to_ids": true, "type": "sha256", "uuid": "610b96ac-116a-4402-974e-5e676968b877", "value": "2f447e1220e03b05303c4fbe42b3d126eacc97edda42734261a15fb530a596c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734137", "to_ids": true, "type": "ssdeep", "uuid": "5e377619-d6d7-473b-be72-79e335bf4675", "value": "3072:w+Gv2W7nYWKbjhF1F4SgEpWfCW1cBgKsdWI2R6c4U9++jajZ0MjbF:jo2tWKbjlKx84VufsdoGdZ0MjbF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734137", "to_ids": false, "type": "size-in-bytes", "uuid": "ab71bc70-7152-4004-b6b2-66b0f836013e", "value": "141228" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734137", "to_ids": true, "type": "vhash", "uuid": "6b338789-c91c-4ae8-9412-f8d38b636e23", "value": "676529943961de1158d5e2ee5a67b08f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734137", "to_ids": true, "type": "filename", "uuid": "f93cee11-b6bf-4fd7-96e8-624f54b5a889", "value": "8fb52fa62541c16519520d305d5d4ec7ac3fe2e09156c1011a05ebc9dc05707e.zip" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734137", "to_ids": false, "type": "text", "uuid": "620a1f18-01ee-44dc-9633-ddb78792bb05", "value": "Static Kitten\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:1/66\nFirst Submission:2025-12-05T06:48:09.000000+00:00\nLast Submission:2025-12-05T06:48:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736753", "uuid": "a6dfac68-7e65-4809-8904-935f8be908f3", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736753", "to_ids": true, "type": "md5", "uuid": "f65fd8f6-8c62-4041-a0f6-2f86bce8ddf3", "value": "11ee5f269902e37ab15e8ae2c5d37412", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735763", "to_ids": true, "type": "sha1", "uuid": "87e303b7-778c-4ea5-b7cc-7f5bf0c5088d", "value": "007b5cd6d6acf972f7743f79e23cab9bb2ecbee3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735763", "to_ids": true, "type": "sha256", "uuid": "43300d1c-c21e-490f-965e-2268f1e82b42", "value": "8fb52fa62541c16519520d305d5d4ec7ac3fe2e09156c1011a05ebc9dc05707e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734159", "to_ids": true, "type": "ssdeep", "uuid": "51053869-51bd-4c5e-8c8a-b905b8aae6e0", "value": "3072:2H5it4izHJz82FKqv/87InPsFMdOZtKGzTMSgQ6ED/4n9TVf01DoA99jNGH:eit4KBFXYIn6MYZt7zIQ89TlYDfn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734159", "to_ids": false, "type": "size-in-bytes", "uuid": "641a0ebd-196c-4bf5-9dc4-dcc113f4b1e3", "value": "195584" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734159", "to_ids": true, "type": "vhash", "uuid": "541dd079-1e77-432c-805e-888a54407f2f", "value": "015056657d15555az4a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734159", "to_ids": true, "type": "filename", "uuid": "f4232a1f-42b2-4d74-9ad8-43d676529f8b", "value": "8fb52fa62541c16519520d305d5d4ec7ac3fe2e09156c1011a05ebc9dc05707e.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734159", "to_ids": false, "type": "text", "uuid": "e955d97e-38aa-42e3-a54b-c8623794bd55", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Muddywater.GVB!MTB\nVT Total Detection:52/72\nFirst Submission:2025-08-04T14:46:16.000000+00:00\nLast Submission:2026-01-09T02:24:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736774", "uuid": "c40dc1a2-0356-4b84-94c5-ad20eed95b74", "Attribute": [ { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736774", "to_ids": true, "type": "md5", "uuid": "05e99103-5335-4823-82d7-94f6fbf9724e", "value": "2a7c276594bd9e37dff9543c4d9f7c41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735764", "to_ids": true, "type": "sha1", "uuid": "9e13d9b7-4ba6-48a7-ba2c-3820906ec0d7", "value": "cfc61c588306fba7e6901986be594eee4a3d6d18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Static Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735764", "to_ids": true, "type": "sha256", "uuid": "37d3fac1-9ee5-4db2-bcbd-0e044a46ef51", "value": "a088a3ae55ad6911227f92580c7853c0a71bcd38b737b856284c8baaef1a7672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734181", "to_ids": true, "type": "ssdeep", "uuid": "fbc9ad58-37de-4f78-bb10-76a99f3ea903", "value": "3072:pH5it4izHJz82FKq9c/oA23sVMdOZtKGzTMSgQ6ED/4n9TVf01DoA98xwNGHv:nit4KBFXFA2KMYZt7zIQ89TlYDfOwE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734181", "to_ids": false, "type": "size-in-bytes", "uuid": "12cc986d-3b66-493f-85f5-8963516a4693", "value": "210576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734181", "to_ids": true, "type": "vhash", "uuid": "4668558d-b1ea-4f79-b702-8bcb86c4a529", "value": "025056657d15555az4a!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734181", "to_ids": true, "type": "filename", "uuid": "086f2b20-1c36-48ca-b9d5-50904c456725", "value": "eix6djsg.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734181", "to_ids": false, "type": "text", "uuid": "597e0272-1fc6-4e75-a2ec-706b0e0ef5da", "value": "Static Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Muddywater.GVB!MTB\nVT Total Detection:43/72\nFirst Submission:2025-12-04T13:10:23.000000+00:00\nLast Submission:2025-12-04T13:10:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736795", "uuid": "e646c692-cc30-4943-8b1f-31f13de81d8b", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736795", "to_ids": true, "type": "md5", "uuid": "5c77ade7-08d8-4cc8-b903-ca50ece1af38", "value": "927781e138ab6d2dd335d7ec6adc9f82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735765", "to_ids": true, "type": "sha1", "uuid": "7a1f1d0c-fce5-4188-9d04-bad3ca682ee3", "value": "f12aa1d103e10d52f7603959b91e22ccbd4c5618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735765", "to_ids": true, "type": "sha256", "uuid": "f67000fb-c965-4346-a25f-80fa74b627c4", "value": "e7bea41981fbfa81186eba50b182e656bed66acb1103df1b85324b5a40567dae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734203", "to_ids": true, "type": "ssdeep", "uuid": "0780b235-08a1-40c9-9fdc-e9d1b3d07e3e", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sj204:BqYDF9k64/Q9j28okAHDHY25fC2WF9sy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734203", "to_ids": false, "type": "size-in-bytes", "uuid": "d8b896b1-332c-4385-af13-70689b4dc2d2", "value": "396800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734203", "to_ids": true, "type": "vhash", "uuid": "9732a289-9f99-479c-a7b0-b711e3f908f2", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734203", "to_ids": true, "type": "filename", "uuid": "9bccb80c-d6e8-4cf4-b472-9fe79cf8ce06", "value": "s2sksfvm.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734203", "to_ids": false, "type": "text", "uuid": "04ee4bbd-6fc3-4fd6-a4c8-7b29111d7ad7", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:66/72\nFirst Submission:2026-03-06T07:39:09.000000+00:00\nLast Submission:2026-03-07T04:13:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736816", "uuid": "5b7d1c8b-e3c7-44d3-9e42-6420fe814580", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736816", "to_ids": true, "type": "md5", "uuid": "a46fe45d-7efc-42f5-bf0f-d396e91baf06", "value": "e32b37d4f29112db01e8ca4b03d0f06c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735766", "to_ids": true, "type": "sha1", "uuid": "b30eb207-a2e2-4b95-b642-4608dc49073b", "value": "32b03845bf398da396739436beefa6eda5ef5d09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735766", "to_ids": true, "type": "sha256", "uuid": "cd0ebc58-5ae1-4df7-8fd8-87b3b7919f7f", "value": "84b24f76f9fafcda438d8971ebbe68354e3f83f871faa5d20e896b9ac66198b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734224", "to_ids": true, "type": "ssdeep", "uuid": "7e0fbff0-8690-4a97-88fc-876515c53944", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sX204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9s4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734224", "to_ids": false, "type": "size-in-bytes", "uuid": "2e3286a2-a7ae-4f7c-89d5-4d86c53f8205", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734224", "to_ids": true, "type": "vhash", "uuid": "ec175f4c-63ab-4021-b047-386a7de9da22", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734224", "to_ids": true, "type": "filename", "uuid": "229524b6-7ee8-4e14-af96-ef6c99509d72", "value": "2026-02-28_e32b37d4f29112db01e8ca4b03d0f06c_amadey_elex_mafia_remcos_stonedrill" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734224", "to_ids": false, "type": "text", "uuid": "75aaaffa-9403-454a-be74-d4b8b4cc972b", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:47/72\nFirst Submission:2026-02-26T06:35:41.000000+00:00\nLast Submission:2026-02-28T20:03:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736837", "uuid": "3d7d2ab8-29bd-4449-978a-1a7d8415db95", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736837", "to_ids": true, "type": "md5", "uuid": "eac048b3-8728-4703-97fb-5a89c9b982d4", "value": "e696678698f26427edcfade90c8a35ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735768", "to_ids": true, "type": "sha1", "uuid": "44e312de-7421-4499-9a60-67d66db1a236", "value": "489eec5e976a01e5b101d86476748f69e83eaba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735768", "to_ids": true, "type": "sha256", "uuid": "e8fb0db4-e3b7-4f4e-9f47-f77a6fb735ac", "value": "e0927806ab5820d9cf1f11d3d45ba7ddef51b91a474da7d9a47c327e1241367d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734246", "to_ids": true, "type": "ssdeep", "uuid": "2aa8a81f-7c89-47ce-aa3d-96bf628167f3", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sB204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734246", "to_ids": false, "type": "size-in-bytes", "uuid": "90988e4d-1e4b-48e7-8c6b-d798bfd5131d", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734246", "to_ids": true, "type": "vhash", "uuid": "3bf69dac-7cf2-4650-8a4b-599977f3a6e6", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734246", "to_ids": true, "type": "filename", "uuid": "eb7b7bc3-852b-46fb-97c8-4d119eafaa26", "value": "7evfjyk2.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734246", "to_ids": false, "type": "text", "uuid": "97ef54dd-c410-4f14-abb4-bb25a552905f", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:58/72\nFirst Submission:2018-07-26T01:06:13.000000+00:00\nLast Submission:2018-07-26T01:06:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736858", "uuid": "57afcdc5-0c9f-4203-8c9c-383b7b121aaf", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736858", "to_ids": true, "type": "md5", "uuid": "998715d1-18dd-4cab-b2a1-c30e5ea68a57", "value": "caa5cf2ccb2837dc09efced647eaeae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735768", "to_ids": true, "type": "sha1", "uuid": "d9e86631-23f1-4823-8d2d-9d5a4eef7310", "value": "4890d3c095f737fcd5b6073b169097433c062056", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735769", "to_ids": true, "type": "sha256", "uuid": "43cdff6f-df26-414a-8e2d-3b465ce0fffe", "value": "0f1d2eebcd34d77a6e4938578c7ab6b95c243e87dd20f09adedf40b8ed258e70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734268", "to_ids": true, "type": "ssdeep", "uuid": "22225726-b58e-408c-a5a6-44d49cdee7d4", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sn204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734268", "to_ids": false, "type": "size-in-bytes", "uuid": "395af9a4-843d-4df7-800a-70853b0d1284", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734268", "to_ids": true, "type": "vhash", "uuid": "838e17b1-e438-406d-833c-fcad18af10d8", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734268", "to_ids": true, "type": "filename", "uuid": "3de846c5-89f4-4256-8b6d-07f476e8ca2c", "value": "glgm4v.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 13/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734268", "to_ids": false, "type": "text", "uuid": "0cf40bb7-075f-4601-9649-bfed0ce00c29", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2018-05-14T00:51:35.000000+00:00\nLast Submission:2018-05-14T01:12:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736879", "uuid": "1f650097-9a5f-4a04-a424-d15e67e79858", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736879", "to_ids": true, "type": "md5", "uuid": "89125877-f9b3-4b97-8332-8a5167cd9a7d", "value": "1cac4d419781ef47d976b9c0f08eb689", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735769", "to_ids": true, "type": "sha1", "uuid": "9cb3c8e2-2dc6-441d-ba6c-8b1c809be3ba", "value": "80c161fca576f0d01644d752b9e79f15ed2362a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735769", "to_ids": true, "type": "sha256", "uuid": "d827d589-eb16-4958-8492-2511db3d60a5", "value": "1f0c9ce9dbd9574b0a869ee201cfa255fc6dde05b80b1d903e2217609eb77ff2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734311", "to_ids": true, "type": "ssdeep", "uuid": "a69465de-7cc3-40d2-8db3-0d9960d41858", "value": "49152:cLgaUWtAfSmymovB17puVYsOyA5Lk6fLsDDDDJ5WPpg:cMaX8SHzUCsOygA6jsDDDDGPp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734311", "to_ids": false, "type": "size-in-bytes", "uuid": "7ff9346a-3a1f-4ac7-abf6-86b1ad4415d1", "value": "1887232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734311", "to_ids": true, "type": "vhash", "uuid": "f0b7eec7-7c69-4bed-9c34-7b2bf5c199f7", "value": "016056655d15755195zc00641zadz43z53z1067z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734311", "to_ids": true, "type": "filename", "uuid": "12f8fe18-368b-45ff-ad8e-55144d4e5a48", "value": "Copyright \u00a9 1998-2018 VMware, Inc." }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734311", "to_ids": false, "type": "text", "uuid": "0943b035-4f8f-43d0-b5e9-5e45bf4f3dd8", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/DistTrack.A\nVT Total Detection:55/72\nFirst Submission:2025-12-19T00:09:04.000000+00:00\nLast Submission:2025-12-19T00:09:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736901", "uuid": "c72606e4-eadc-4613-b465-92b1be48cba8", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736901", "to_ids": true, "type": "md5", "uuid": "938dee6b-1ee5-41f9-abeb-6c436abe42ae", "value": "77f813b2f890eb263091113163765d2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735770", "to_ids": true, "type": "sha1", "uuid": "1701d1e4-00c9-4644-ac24-43609ce46902", "value": "479a9e07279bbc09ac4fa72a171a7b9daa65d43d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735770", "to_ids": true, "type": "sha256", "uuid": "ada9d1ce-35bb-4607-9111-9935c3b135da", "value": "fe4df0f5c11c6968703183fe517b2ea41cee762ac0ab5729cb9e084c00a0fe1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734332", "to_ids": true, "type": "ssdeep", "uuid": "c8b4376d-4e77-40b4-a279-89d8d018dbb6", "value": "12288:y7fEC+A7Ih1ZJw9CTk0rijMTkNuY3xzqbs7OE+Bq1TMyHwq20YrdI:8ECtSq9CHri5DubYQ+wyHlRY5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734332", "to_ids": false, "type": "size-in-bytes", "uuid": "f80af432-ba3a-45af-ae47-ec7584f8b9c3", "value": "717312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734332", "to_ids": true, "type": "vhash", "uuid": "bc914460-cb29-4ed1-8b21-e083ae0fd78b", "value": "075066655d1555751148z621z6dz13z15z57z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734332", "to_ids": true, "type": "filename", "uuid": "c2d0d387-cd12-4fa4-8229-1aa5a7279bd8", "value": "uh677u.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734332", "to_ids": false, "type": "text", "uuid": "864608f5-412f-4256-ba20-1bd4d3ec3bd6", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Depriz.C!dha\nVT Total Detection:50/72\nFirst Submission:2017-03-21T23:26:25.000000+00:00\nLast Submission:2017-03-21T23:26:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736922", "uuid": "9bcf4222-a57f-468f-baf3-8243323ec0d0", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736922", "to_ids": true, "type": "md5", "uuid": "1c47dba3-6364-4a43-90a4-04360a5e1796", "value": "9366d16b595d13c909a256b2074cd61e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735771", "to_ids": true, "type": "sha1", "uuid": "d4021258-6103-4c46-9747-140a93a76e51", "value": "24f061ef32e0ea647593131798522175fa648d97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735771", "to_ids": true, "type": "sha256", "uuid": "4abeb6c3-7b01-4438-ad5b-c7074a1e06e0", "value": "5965b638e6c7891d785bd030cd281b5ffc30d190507bab9e8970928ea7f19570", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734354", "to_ids": true, "type": "ssdeep", "uuid": "8ef4991a-740b-4d59-9e6f-9d674b56aa43", "value": "6144:7CYiP87TaES2gtjt+OeO+OeN7VBBhhBBtflNY+jAtYlVdMQxcIo2hjbqpH9lv:7CYbT0Vtjt+OeO+OeNhBBhhBBza6lpxq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734354", "to_ids": false, "type": "size-in-bytes", "uuid": "dcb10674-189c-491c-bf3f-88070637af45", "value": "286320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734354", "to_ids": true, "type": "vhash", "uuid": "b657b1ed-2314-49fb-9035-51a3e25d0030", "value": "025056655d15155az49!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734354", "to_ids": true, "type": "filename", "uuid": "42aa1d2a-445b-4353-92d0-6b416b03a7ba", "value": "EncryptD.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734354", "to_ids": false, "type": "text", "uuid": "00d61ef2-40a3-40fb-a786-77bdd1161b53", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:5/72\nFirst Submission:2025-12-12T19:19:29.000000+00:00\nLast Submission:2025-12-12T22:10:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736943", "uuid": "6a4632e0-401e-43c2-9efa-0a43ec897cb0", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736943", "to_ids": true, "type": "md5", "uuid": "1b4a74df-85df-4a08-965e-8e7d37d98ebc", "value": "7ba8163e7ae04b1e722160432a40a082", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735772", "to_ids": true, "type": "sha1", "uuid": "762c201e-1065-4c13-8ec3-b2e3b43ed4cb", "value": "a63aec2d262ed293cfac1b823ef36f8ab20ed1f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735772", "to_ids": true, "type": "sha256", "uuid": "81cd05ce-2a59-4a0b-a5dd-86225a011d61", "value": "648419d08b7a05f8b32692e346d6a0c789462efeb9bf800ac5b186992d051593", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734376", "to_ids": true, "type": "ssdeep", "uuid": "e9508b55-4b77-4383-ade2-4af0eb725488", "value": "6144:gCYiP87TaES2gtjt+OeO+OeN7VBBhhBBtflNY+jAtYlVdMQxcIo2hjbqpH9mb:gCYbT0Vtjt+OeO+OeNhBBhhBBza6lpx9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734376", "to_ids": false, "type": "size-in-bytes", "uuid": "5883a506-bb27-41eb-b860-68816219fa9d", "value": "286320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734376", "to_ids": true, "type": "vhash", "uuid": "6f21fd5d-79d5-4d08-afc8-14d80f5e7f8b", "value": "025056655d15155az49!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734376", "to_ids": true, "type": "filename", "uuid": "33375315-d2a0-4aaa-ac16-c620e72e7c63", "value": "EncryptD.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734376", "to_ids": false, "type": "text", "uuid": "ffd6831c-3bfe-4a6f-97e3-c9d1d23ee9a1", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:5/72\nFirst Submission:2025-12-12T19:19:39.000000+00:00\nLast Submission:2025-12-12T22:08:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736964", "uuid": "8e193855-0f7e-434b-aa50-c27acaa62277", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736964", "to_ids": true, "type": "md5", "uuid": "2ddb0ff4-13ea-4dfe-9a7c-09be6b7dc2dd", "value": "9256763382cb22cd9c076bdea371d849", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735773", "to_ids": true, "type": "sha1", "uuid": "1bf4c005-b0c6-47cd-a270-ac6eb548d86c", "value": "f0d6b4f3b2483b53f846a01cd8d0379fdc0a28a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735773", "to_ids": true, "type": "sha256", "uuid": "956918d6-8643-4469-a650-b8270e17cb1b", "value": "5782bce800d721b1380f87727da4d767c31c70b981a936b0ab2106219a91165e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734419", "to_ids": true, "type": "ssdeep", "uuid": "41bed63a-3bd4-4793-88b3-b40a50d98f74", "value": "12288:Iez0G0ESFKY6IMSd4Dh1V3xNGg6eMdna204:Ie/SFKY6IMS8DYg6eMdna2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734419", "to_ids": false, "type": "size-in-bytes", "uuid": "597a5384-d794-4ed2-af10-dbaca2180af4", "value": "427134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734419", "to_ids": true, "type": "vhash", "uuid": "9d9aabeb-db77-4f21-a8e6-30fdddcee48d", "value": "045056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734419", "to_ids": true, "type": "filename", "uuid": "ba3d0c64-2edc-42fd-bc24-8bac5741c9be", "value": "loko65.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734419", "to_ids": false, "type": "text", "uuid": "b4f0449e-2262-4b33-a6c5-f8fd91e2e165", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:59/72\nFirst Submission:2025-11-20T05:28:47.000000+00:00\nLast Submission:2025-11-20T05:28:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776736986", "uuid": "4d38eef9-9c5c-46c8-92a6-42e13cf033a7", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776736986", "to_ids": true, "type": "md5", "uuid": "04287dc2-a3ea-4fc6-a35f-be366cb64a88", "value": "12ed839b44bdafa63378327bdb0b137e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735774", "to_ids": true, "type": "sha1", "uuid": "7a88910e-b4de-4302-a8c4-7788beedac6c", "value": "4736604e49f2e035e206af52d32e258e41b16ebc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735774", "to_ids": true, "type": "sha256", "uuid": "6e9a4d21-88dc-42f4-8da6-9baf23bf9430", "value": "55a72b15f478b8c3092a454b3664424b765b469a4340621b5593411d76d4fe88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734440", "to_ids": true, "type": "ssdeep", "uuid": "5a887780-cb93-4803-88e0-e6bdbf24280d", "value": "12288:nqYXje0DF9k64/QSywqP0T8oIN1AHDFhY65fC2WF9sK2o4C:nqYDF9k64/Q9j28okAHDHY65fC2WF9sS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734440", "to_ids": false, "type": "size-in-bytes", "uuid": "19ed5d7d-d654-400e-a406-5edfdb41bb35", "value": "396875" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734440", "to_ids": false, "type": "text", "uuid": "45dad0ce-ab7d-49d9-ba5e-6d194816ab52", "value": "Refined Kitten\r\nType Description: DOS EXE\nMicrosoft: None\nVT Total Detection:2/63\nFirst Submission:2025-11-18T05:45:20.000000+00:00\nLast Submission:2025-11-18T05:45:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737007", "uuid": "4ff67467-d783-4514-82e6-c82943e43857", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737007", "to_ids": true, "type": "md5", "uuid": "79070aa6-35f2-47de-bfc3-899b2f700b85", "value": "fbb58a79b3434764ce1928c728fb8cae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735774", "to_ids": true, "type": "sha1", "uuid": "97bfb6fc-ad49-4aa0-9c2f-050a49716caf", "value": "436ffa98002f661f026999ed9a5eed3db2e8d53b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735775", "to_ids": true, "type": "sha256", "uuid": "994b9641-d1a0-4c9c-a89b-52ba1e4be1e1", "value": "21e3dba05111c86468bd060a51e6884c0954940d7b2d8f0ca3f72687e2d5fbac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734463", "to_ids": true, "type": "ssdeep", "uuid": "e1f50e2a-a545-40f7-9fff-259f052550aa", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s2204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734463", "to_ids": false, "type": "size-in-bytes", "uuid": "8e236fe3-64b4-416c-989a-43295648d4dc", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734463", "to_ids": true, "type": "vhash", "uuid": "134379e2-e0a5-4896-957c-e9cd0b11bdd3", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734463", "to_ids": true, "type": "filename", "uuid": "b09428a5-3d70-475a-9ef4-0fecd71a858f", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 13/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734463", "to_ids": false, "type": "text", "uuid": "f9d25b8a-6005-40af-9450-3a4769015a38", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2025-11-14T03:20:44.000000+00:00\nLast Submission:2025-11-14T03:20:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737029", "uuid": "0b228ab2-a9e1-410e-88c8-d51eca9df286", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737029", "to_ids": true, "type": "md5", "uuid": "37b25eb3-b54a-42b2-aadc-2c428a864ee9", "value": "c46b2a92b50bd216dd059504a47f4327", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735776", "to_ids": true, "type": "sha1", "uuid": "48324fd5-1a1e-48cc-aee1-b89d7221176d", "value": "dd68dc51df432cfdefbf88332336791048b4add1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735776", "to_ids": true, "type": "sha256", "uuid": "bbbc7d86-c01d-4cbf-b3ad-c377e926e82d", "value": "fd84c206b6bbdd6cf04fd9310b4b298ef0a429baa2174cecb375c8c2164def54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734484", "to_ids": true, "type": "ssdeep", "uuid": "3de1a958-b5ad-4353-90e4-d95df3a1ccfc", "value": "384:+NbQUsvQedEWQM62w4GpUv7f6qmQwIOvlU5m6NUl1vO+3sXGp4rbeqzG/P83aZKd:+tJ0QedEWQww4+DVDUbil3sM4r3QZvn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734484", "to_ids": false, "type": "size-in-bytes", "uuid": "f9090a72-0d9b-4467-b1c7-a5d6d38f8eef", "value": "49164" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734485", "to_ids": true, "type": "vhash", "uuid": "af8a8e82-4a13-4eac-9637-a7ec210243e3", "value": "244036551501309541d50058" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734485", "to_ids": true, "type": "filename", "uuid": "53ce5dc4-b9e6-483c-9e5f-2840276fc731", "value": "SlHost.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734485", "to_ids": false, "type": "text", "uuid": "9e77e49d-d626-49e6-92c5-4b93b8902560", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Wiper.C\nVT Total Detection:52/72\nFirst Submission:2025-11-08T01:59:08.000000+00:00\nLast Submission:2025-11-08T01:59:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737050", "uuid": "78895f2b-9b36-4fe7-ad0e-e52f03d7d6f7", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737050", "to_ids": true, "type": "md5", "uuid": "38b0863e-3e27-438e-bdf1-69d5fd72daed", "value": "6705d38a3062976e5753ca65546f15cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735777", "to_ids": true, "type": "sha1", "uuid": "0aa33196-a411-4093-95c2-1fc57c978f32", "value": "d01f727b65c23be874e406ebbb735e31eea1db86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735777", "to_ids": true, "type": "sha256", "uuid": "19a6fe5c-5ad1-48d4-841d-07a2a7745ef8", "value": "94842d25397a635d603ed8a6fa0493286ad4a341a668bd9b1e2c1e24daf4f7ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734506", "to_ids": true, "type": "ssdeep", "uuid": "4daf357d-464a-4f3d-a142-1dd4964f01b2", "value": "768:FHZvUgNgzVysgqYJrf6vsH0EtE5PRdMfGXgvUgk+mTywGMLBEYV2Z:FlLJ7ztAIfGIMDAYa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734506", "to_ids": false, "type": "size-in-bytes", "uuid": "b6e4fa8a-2c8e-4a3e-9d58-95f141b10e24", "value": "91648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734506", "to_ids": true, "type": "vhash", "uuid": "c9c80ebb-0d86-42fc-afa8-ab91abc0f62e", "value": "f556b5725387faf2bbc198aa34d6b0a3" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734506", "to_ids": false, "type": "text", "uuid": "844344d3-c93a-4b01-8d97-2afebae98b3a", "value": "Refined Kitten\r\nType Description: MS PowerPoint Presentation\nMicrosoft: Virus:PP97M/Shifter.A\nVT Total Detection:40/63\nFirst Submission:2018-08-23T10:42:21.000000+00:00\nLast Submission:2018-08-23T10:42:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737071", "uuid": "19869c22-1fde-4fe2-b308-3d3c35497dff", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737071", "to_ids": true, "type": "md5", "uuid": "9a5f6b7b-5564-41e7-940a-3999f70ffc2f", "value": "c1b07d849b26b9d8c35fdeb20d95def2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735779", "to_ids": true, "type": "sha1", "uuid": "724df15c-5cff-48d7-ab67-99e048fee947", "value": "4f004eef97a9f124ee9ddc7834c349f0d046632c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735779", "to_ids": true, "type": "sha256", "uuid": "738f2001-c1da-49ba-bccb-529d28d284d9", "value": "67f74b1908055fe995b9a5e92a914fdb99cd345200579b11c3ff1e24b45e1b31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734528", "to_ids": true, "type": "ssdeep", "uuid": "7aee93f2-fcca-448d-b093-c72a317bb719", "value": "1536:i+dvzy0hw5vhNc8Lv9KodPTCIrx6B7YOH:xYJvEQTV96B7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734528", "to_ids": false, "type": "size-in-bytes", "uuid": "98d14379-32e3-40ef-a148-86bf723194a9", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734528", "to_ids": true, "type": "vhash", "uuid": "c5a6bcc5-c6cb-4bbd-a007-2b23a0383c2a", "value": "9bb675d2424e9727c660119ebce79229" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734528", "to_ids": false, "type": "text", "uuid": "a234eb30-bbb9-41e5-8336-25f080ab0de6", "value": "Refined Kitten\r\nType Description: MS PowerPoint Presentation\nMicrosoft: Virus:PP97M/Shifter.A\nVT Total Detection:42/63\nFirst Submission:2018-07-08T16:52:37.000000+00:00\nLast Submission:2018-07-08T16:52:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737092", "uuid": "f87ae301-2e23-4569-9021-13bd7090ea0d", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737092", "to_ids": true, "type": "md5", "uuid": "e615dae7-533b-4499-a95a-f0cdb9e8bd78", "value": "9b88dfff8b6f4c2757e003040d6aa517", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735780", "to_ids": true, "type": "sha1", "uuid": "3307209b-8451-4791-a158-cc3de87a1c32", "value": "c723f69ffc2a75d4e663fbe91c857e14b8da091e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735780", "to_ids": true, "type": "sha256", "uuid": "bcf43c5b-3c7c-4600-9e7b-bc5bd94315a3", "value": "6d39974e149162e28e9df6bf6e3c5c9ba75e6bcdcd0a681c774e6075616ce98c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734550", "to_ids": true, "type": "ssdeep", "uuid": "02113431-d218-49c5-b9c6-75066565f0ab", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9su204v:BqYDF9k64/Q9j28okAHDHY25fC2WF9sP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734550", "to_ids": false, "type": "size-in-bytes", "uuid": "804a0a17-a28d-4f6e-a6a9-0079bfce5aed", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734550", "to_ids": true, "type": "vhash", "uuid": "d04b3f60-6ad0-472a-b956-7c032f52befa", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734550", "to_ids": true, "type": "filename", "uuid": "0f5683bc-b21f-4468-b374-846914c479b2", "value": "fwak4a3mm.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734550", "to_ids": false, "type": "text", "uuid": "b124d134-6ed5-4228-b2cb-60dfeac4d0c7", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:62/72\nFirst Submission:2025-09-02T05:49:38.000000+00:00\nLast Submission:2025-09-02T05:49:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737113", "uuid": "3d763afb-61c8-4805-b778-9c1501525f45", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737113", "to_ids": true, "type": "md5", "uuid": "4556537e-a655-41fe-a8fd-545bfd04ecbb", "value": "5c1642629cddd82387851fcc2a1e6028", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735782", "to_ids": true, "type": "sha1", "uuid": "2e38a307-221b-4a1f-85b0-a2c2480f91ec", "value": "cca4c20fcd996b47badb68de14e3f1d38c8b7e8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735782", "to_ids": true, "type": "sha256", "uuid": "6e67722f-2a66-46f8-a0d7-ea10a1f859b4", "value": "5288353d7946566a1247f78239a98b2c859071c1547ce3f6db88ebae43db5f40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734571", "to_ids": true, "type": "ssdeep", "uuid": "0498b343-278c-45a3-928a-02fb6a88f323", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9lf204:BqYDF9k64/Q9j28okAHDHY25fC2WF9lO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734571", "to_ids": false, "type": "size-in-bytes", "uuid": "64bc02a1-9df9-4158-8b87-be079d81a8d3", "value": "396800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734571", "to_ids": true, "type": "vhash", "uuid": "907509da-0155-4ae0-96e9-64f9d4a0d0cd", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734571", "to_ids": true, "type": "filename", "uuid": "a638fea3-1b68-403e-9eb5-35f1f91779c5", "value": "o9lmy.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734571", "to_ids": false, "type": "text", "uuid": "c970173c-cc8c-4854-9f9c-81cb32e9634e", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2025-08-03T11:47:53.000000+00:00\nLast Submission:2025-08-03T11:47:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737134", "uuid": "6de71ea6-b8dd-48df-887a-17ff2ce5cc60", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737134", "to_ids": true, "type": "md5", "uuid": "e8a38a67-fa98-4c74-b41b-35b0f5a64f02", "value": "b2769c4670e4a740cc3e3488b49b74ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735783", "to_ids": true, "type": "sha1", "uuid": "a728cea4-63de-48f9-964a-72abd75a8926", "value": "8c769f28f6dbd30449537d15e1900cdc2009b5cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735783", "to_ids": true, "type": "sha256", "uuid": "374cfcbf-0ed5-4869-8665-3b275c4c84bb", "value": "e1763c22d4a4bad7987552d0327c83c850358f207c7b22d3af67a6af887a9870", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734593", "to_ids": true, "type": "ssdeep", "uuid": "2ef39a57-2b1e-4e30-8411-731f365f71fb", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s0204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9st" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734593", "to_ids": false, "type": "size-in-bytes", "uuid": "0d20e515-4e34-4a5b-94e7-931e0461aaed", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734593", "to_ids": true, "type": "vhash", "uuid": "c09cbffe-3dcf-4e6a-88b0-bea5d6014ba8", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734593", "to_ids": true, "type": "filename", "uuid": "56809db3-68ff-423c-9c59-c14e41a052ae", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734593", "to_ids": false, "type": "text", "uuid": "a4e06e8c-8d7c-4ead-babb-40dbdf854a2d", "value": "Refined Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:55/72\nFirst Submission:2025-08-07T22:18:00.000000+00:00\nLast Submission:2025-08-07T22:18:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737156", "uuid": "6a66601b-50c5-45b4-add0-4a3e98e11d6a", "Attribute": [ { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737156", "to_ids": true, "type": "md5", "uuid": "f0fefa22-77d6-4e6b-9379-a5b82a7d9c57", "value": "c1ab630b2f78574942c129b621050f70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735785", "to_ids": true, "type": "sha1", "uuid": "8d564604-b506-4ddc-b7a9-d8bfbe9d64a2", "value": "7b8604c575c89a9a6bfc21d1b26ee07a160cdda2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Refined Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735785", "to_ids": true, "type": "sha256", "uuid": "f6125c48-3e58-4c7a-b202-aca3cbefd879", "value": "ac8be35f630f28d6e7b5d68571d0403466c88b13363e648f152478ef41ed1aef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734615", "to_ids": true, "type": "ssdeep", "uuid": "0568f5cd-7d1f-40b8-8b92-34bf746509a6", "value": "384:9jbVNWiN5mOUPpYyjq/kKJo97Sa+zznYbNfJtqbkCs2tws2N9IxhALXrVu+0uxc:fNnuOURJOFk+aUQNhobkClqBIzKbwb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734615", "to_ids": false, "type": "size-in-bytes", "uuid": "765c36ff-2d7d-4a40-ba07-2bb36171d76a", "value": "29184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734615", "to_ids": true, "type": "vhash", "uuid": "46f6db62-2552-49c1-bf00-c23f0af874ae", "value": "349f052b28a98ab8ca69a9ad34089a10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734615", "to_ids": true, "type": "filename", "uuid": "1118601b-f321-4cf2-9e31-7cc04ef1b93c", "value": "5 (14).ppt" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734615", "to_ids": false, "type": "text", "uuid": "7d778593-cf3a-4591-8f72-96c98dbbf3b2", "value": "Refined Kitten\r\nType Description: MS PowerPoint Presentation\nMicrosoft: Virus:PP97M/Shifter.A\nVT Total Detection:40/63\nFirst Submission:2012-01-17T19:21:06.000000+00:00\nLast Submission:2012-01-17T19:21:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737177", "uuid": "f15e08df-0c6f-4abe-bcd4-2ab33cf3613c", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737177", "to_ids": true, "type": "md5", "uuid": "dbe847c5-fdbf-4e68-b05d-64f64c160e24", "value": "7067e069442979e17b540703ebe9516f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735786", "to_ids": true, "type": "sha1", "uuid": "5a36aa84-73eb-43bb-a230-b73334dc6de9", "value": "dc9f93162277f7bf5c01dff9fba034f3e2cb3ca8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735786", "to_ids": true, "type": "sha256", "uuid": "d794384a-9402-4871-9b6f-307e29a0128d", "value": "27a74df534eb05042603676b1237da6abfd8505597be1858c5a161e8af4a313b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734637", "to_ids": true, "type": "ssdeep", "uuid": "56beb5df-0e5f-4392-bd98-3200794ac681", "value": "98304:AG15UoKq1AJjetjj4hd+o9cBHV1okLAw9/:A4N1Ajex4L+o9cBHV1okLAw9/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734637", "to_ids": false, "type": "size-in-bytes", "uuid": "f1980390-d816-45da-8e02-43e17a1b585a", "value": "3458968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734637", "to_ids": true, "type": "vhash", "uuid": "abc56020-ae4c-4277-bfb9-3570cdbf57c1", "value": "23603655151ff033d6ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734637", "to_ids": true, "type": "filename", "uuid": "10655c7b-1af7-4535-a09d-9407a71a744c", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734637", "to_ids": false, "type": "text", "uuid": "24f50600-fc34-46da-a063-8d234871af3b", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:3/72\nFirst Submission:2026-03-19T05:34:45.000000+00:00\nLast Submission:2026-03-19T05:34:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737199", "uuid": "316bff4c-7e75-4ef8-8713-c986321f819c", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737199", "to_ids": true, "type": "md5", "uuid": "9c2005ba-80b3-499a-aba0-cf57f38c5135", "value": "dd6f861f539b5c13a29552457efe8b8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735787", "to_ids": true, "type": "sha1", "uuid": "cedd2782-2def-4c91-b88e-84d75cb5a3d9", "value": "d71fdb0379667d3b1f6b79ce1d1061d8dbfb9f5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735787", "to_ids": true, "type": "sha256", "uuid": "99a9ea10-e641-4916-82a9-6e61234a5940", "value": "497d7e83b9a021f44699f5844018189421c0d429830995497a6e8352419a2330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734658", "to_ids": true, "type": "ssdeep", "uuid": "4e253a9f-0369-4d58-937d-4cdba051bcaf", "value": "49152:p+bdbtsJi2zH5hHt2jg/4B1k6wAHw79T2:psdbtsJi2zH5hHt2jE9T2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734659", "to_ids": false, "type": "size-in-bytes", "uuid": "1f5e7898-a93c-478e-b07b-972093ab015e", "value": "3041192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734659", "to_ids": true, "type": "vhash", "uuid": "f0637fad-d77e-4c90-86aa-a646d6f559a3", "value": "23603655151ff033c5ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734659", "to_ids": true, "type": "filename", "uuid": "28eecf8a-b390-4aaf-b7a3-9cedbbd16b61", "value": "egatdmtools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734659", "to_ids": false, "type": "text", "uuid": "1d684573-250d-428b-a9d6-517fad53cc3b", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:4/72\nFirst Submission:2026-03-10T04:19:24.000000+00:00\nLast Submission:2026-03-10T04:19:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737220", "uuid": "fd008ac5-718e-4da7-a130-85e7c7017917", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737220", "to_ids": true, "type": "md5", "uuid": "d3484178-f9ae-4553-9bae-3489b40818fa", "value": "462fd69e6fab9766882571629155ebb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735788", "to_ids": true, "type": "sha1", "uuid": "16eb2234-23f9-4ddc-addf-30b0cc909622", "value": "c65436d3c85eb0c35cff164612e070ee2876c33f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735788", "to_ids": true, "type": "sha256", "uuid": "193cb8bf-3d0a-4251-ad49-98d9f4e89d1c", "value": "95fd3f06689e7e279daf8c5ca636970a3c94d8cc04cc3a6bcfe58fe58f903dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734680", "to_ids": true, "type": "ssdeep", "uuid": "79d84b64-f1f3-40b9-b5b3-16e566de8914", "value": "24576:H5+o5dbKsJi2zffbp+qJn5matKBscvbgtvujT/4iRsFkqYAVwFyz4Fx+h9X6pu0A:Z+OdbKsJi2zffk0t2jT/45FkqYAHzG8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734680", "to_ids": false, "type": "size-in-bytes", "uuid": "cf3eaae0-2831-431a-8f95-360f1b4703a5", "value": "3040680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734680", "to_ids": true, "type": "vhash", "uuid": "d33f0155-b7fe-423c-975a-a04fc4572fcc", "value": "23603655151ff033c5ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734680", "to_ids": true, "type": "filename", "uuid": "027f0252-06a2-4806-bc45-9e72b247c68f", "value": "egatdmtools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734680", "to_ids": false, "type": "text", "uuid": "8072e122-26f7-456c-82e7-ceae2851b58e", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:3/72\nFirst Submission:2026-03-10T04:19:24.000000+00:00\nLast Submission:2026-03-10T04:19:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737241", "uuid": "08a9735f-2f3a-4d44-a2c9-944ec1923936", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737241", "to_ids": true, "type": "md5", "uuid": "3f7501a8-79f4-465c-8c47-38752c1c2503", "value": "3b9c7a46eb5745b1803b1b4e86b44550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735789", "to_ids": true, "type": "sha1", "uuid": "9bb99cde-2c37-4ddb-be2e-4bf61dc2ebd5", "value": "f1f74b02435e56c7d5220ab29c7201fb0ccd93ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735789", "to_ids": true, "type": "sha256", "uuid": "ae5f372c-6e09-47f7-9e84-2d2708a29aa8", "value": "40d32e87ea0ed02b060abde7be2c3de34dd369bb2da41b717cd804c92b48b34a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734703", "to_ids": true, "type": "ssdeep", "uuid": "09068df2-befe-4987-939e-15efd88c844f", "value": "24576:ogJ9Oy5Gwj8Qul7n4quBvbgtvujE/xURk29+mAywFDMt61zTGt1TPK0iv:Pj5tj8Qul7XZt2jE/xz29+mAHJ4Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734703", "to_ids": false, "type": "size-in-bytes", "uuid": "199fe642-90c8-4dbe-b4b6-cce3df0d22f6", "value": "3103152" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734703", "to_ids": true, "type": "vhash", "uuid": "22a08479-5703-4b9f-8203-c1b4dd6ab1d0", "value": "23603655151ff033c5ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734703", "to_ids": true, "type": "filename", "uuid": "924a0f61-c6bf-47a6-826f-eac46632cfa6", "value": "egatdmtools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734703", "to_ids": false, "type": "text", "uuid": "a9420ee8-aec3-43c4-a768-693aea0238f0", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:3/72\nFirst Submission:2026-03-10T04:11:17.000000+00:00\nLast Submission:2026-03-10T04:11:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737262", "uuid": "ead0d51f-b951-450b-b0bb-3397cac91947", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737262", "to_ids": true, "type": "md5", "uuid": "9e3b0f05-82cc-4932-afc7-58d8f9edf0e8", "value": "c6575280aa2c5c764dc0000693e12f49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735790", "to_ids": true, "type": "sha1", "uuid": "f0533905-a1d5-4db9-8535-fe7020545de5", "value": "f9140b20d50ececd7a2885b8806aba12b1d220f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735790", "to_ids": true, "type": "sha256", "uuid": "e4fa657c-52d0-4bf5-9319-25516f9bb7ac", "value": "a8f39a7d116a57136f148ca5b0b64c1621d12e971d1484566b7ac3d0608dede9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734725", "to_ids": true, "type": "ssdeep", "uuid": "06c2a6e6-791f-4e91-adee-fb196b4e3122", "value": "196608:wTlI3mVbKvZImJT3qUo1NVuOibTHIUkDt+muHwa2pWy21xKhyFL6Ple:whI3YwImZqVG3XIU64Hn2pWy2WhGL6PY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734725", "to_ids": false, "type": "size-in-bytes", "uuid": "7df9634c-aa30-4dbe-a23b-c806630b1d5f", "value": "10059461" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734725", "to_ids": true, "type": "vhash", "uuid": "ced2723a-e7a9-467d-b08c-05a0aae4919b", "value": "017046655d1550901031z90088z5015z8010031fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734725", "to_ids": true, "type": "filename", "uuid": "060e9b13-fa4f-4fde-8752-ed1caa9ea1fb", "value": "egatdmagent.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 13/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734725", "to_ids": false, "type": "text", "uuid": "d24db2d8-f7ca-423d-82f1-a4d4ca55f394", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:37/72\nFirst Submission:2026-03-10T04:09:47.000000+00:00\nLast Submission:2026-03-10T04:09:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737283", "uuid": "e2e8298f-d3e0-413a-933f-466ba0a52b14", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737283", "to_ids": true, "type": "md5", "uuid": "bc5a950d-1ca3-44aa-993f-574df01a64fd", "value": "3aeb7bff7d62172f61cceb62d29d2ba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735791", "to_ids": true, "type": "sha1", "uuid": "ceb409a3-459e-449c-a754-bba56a3924ed", "value": "d1b4219230ed68a41740143ecb9aa968397816fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735791", "to_ids": true, "type": "sha256", "uuid": "851bd99c-9348-47fd-a908-00cae4dc9867", "value": "6d40a9aea28570d2835c46ae78dc27d0986aabfce8277d8af178337831be137c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734746", "to_ids": true, "type": "ssdeep", "uuid": "995fa744-a423-4477-a47d-d750bf35b584", "value": "24576:xaZTPyAZid8Qul7F0Z0EwuJXBltvujc/xURsG9eiAywFDMtY7ygnj2Pf73:sgA8d8Qul7ZSt2jc/xTG9eiAH9Wt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734746", "to_ids": false, "type": "size-in-bytes", "uuid": "cbead9fd-a215-4413-9f18-ae7916f2c516", "value": "3103664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734746", "to_ids": true, "type": "vhash", "uuid": "900a8a9d-d197-4bd8-aa68-b63a5d230c9f", "value": "23603655151ff033c5ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734746", "to_ids": true, "type": "filename", "uuid": "15b7178c-517d-4e16-9165-5ef53d381429", "value": "egatdmtools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734746", "to_ids": false, "type": "text", "uuid": "a8e2f5e3-f5ef-4b0b-b43b-39bec3281001", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:4/72\nFirst Submission:2026-03-10T04:11:16.000000+00:00\nLast Submission:2026-03-10T04:12:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737304", "uuid": "64eea455-27ab-4006-8fc1-1309a499f576", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737304", "to_ids": true, "type": "md5", "uuid": "e91fef3a-4c22-43d8-8377-aee8dfe6b408", "value": "e58358b6e0d15245c56441dff6d48a50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735792", "to_ids": true, "type": "sha1", "uuid": "5288c2cb-5fee-4b66-9036-fec30be57b9f", "value": "36436af9b747d9d5affcca31381a096e2613d9df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735792", "to_ids": true, "type": "sha256", "uuid": "d3b067e2-91df-47cc-a6b4-aee66ef8faae", "value": "a37b33fe504370a41b7d2eefd33fbd97c5be5e9c2f94ea4a4d943cdffe177d61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734768", "to_ids": true, "type": "ssdeep", "uuid": "3fb8d804-e0a1-4412-a317-6a1a78d6dd5b", "value": "49152:R8UIKVdL9dg3dR+5/gsaKKiAuBYKk0gLigcP7bA4adkmn3WcsOeOibqIZcBOlZwT:aWzgN4/uKLhBYKlgLgFbqIDw6rz4UY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734768", "to_ids": false, "type": "size-in-bytes", "uuid": "08875883-8a47-4cf9-9edf-a082bf8f4d23", "value": "7925992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734768", "to_ids": true, "type": "vhash", "uuid": "adcb21cf-d438-4be2-8a7b-7015a4546ed0", "value": "27603665751ff0efbcffff693effff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734768", "to_ids": true, "type": "filename", "uuid": "3bea8db4-7372-4e2b-8e8f-69594630675c", "value": "BankInManager.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 12/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734768", "to_ids": false, "type": "text", "uuid": "fd8e5f5a-c153-442c-9c25-deef32928489", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:3/72\nFirst Submission:2026-01-22T18:40:26.000000+00:00\nLast Submission:2026-01-22T18:40:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737326", "uuid": "47bbdf7c-a071-4eff-9ad3-67a3806105e2", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737326", "to_ids": true, "type": "md5", "uuid": "84b97ba0-3d58-401c-acd2-bd59a0440c33", "value": "6a15e6dd6207e286f99a3aebd4a2c704", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735793", "to_ids": true, "type": "sha1", "uuid": "3cf5dc0e-1080-43a4-9d78-c15cebac46fd", "value": "1774d6f52630c6ae351a427348cdcb40169a1d7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735793", "to_ids": true, "type": "sha256", "uuid": "fa0fd274-6b0f-4094-9a36-210fd031b755", "value": "014aa93767f2a9e007c45b04c1665fa466b6bd78a94f0456b87158546352c079", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734790", "to_ids": true, "type": "ssdeep", "uuid": "62962f38-2271-4ae5-ad2c-091756e7656a", "value": "49152:Cr/8kTby+rMelot2jC/gMQZYKAsFz8eB6N:Cr/8kTby+oelot2jZZB6N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734790", "to_ids": false, "type": "size-in-bytes", "uuid": "ac735707-6577-4de5-8dc7-51154f9d9fe5", "value": "3334156" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734790", "to_ids": true, "type": "vhash", "uuid": "0d6a101e-cfbf-4dd9-8eda-4fef2c602fb5", "value": "23603655150ff033c5ffff492d42ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734790", "to_ids": true, "type": "filename", "uuid": "290db9ac-1858-49eb-8ac2-6a8a7015a95f", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734790", "to_ids": false, "type": "text", "uuid": "a8042a8a-8d1d-4bfc-a85c-0e2e0407f693", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:8/72\nFirst Submission:2025-12-01T09:05:55.000000+00:00\nLast Submission:2025-12-01T09:05:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737347", "uuid": "f08adf01-b0d4-4ff4-ab6e-68d86ac0886d", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737347", "to_ids": true, "type": "md5", "uuid": "9360ea22-6e61-433f-91e4-a5fde8086e65", "value": "b685779770b694d1c9052e4fa978f584", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735794", "to_ids": true, "type": "sha1", "uuid": "2807027a-aaaf-43c7-8c01-97877137e4d9", "value": "687b512d75b0f461c231f28c4eebfda01cd88c28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735794", "to_ids": true, "type": "sha256", "uuid": "d710336d-0ab0-4803-be24-22a60117e7d1", "value": "076ba910589bba4e03eb7cd2b769f5a8d4232f75e7b620be0e3cc03d08f6ddea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734812", "to_ids": true, "type": "ssdeep", "uuid": "b5c96e5c-6482-4705-9282-91e386371804", "value": "6144:gsPcKvY/K2XApxA4Q6cVP1c81CQhGwMJVKGfZoUalqBu87egsAuiAPp:gES/KFnA96cw81nMBEMBsAsP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734812", "to_ids": false, "type": "size-in-bytes", "uuid": "a5e9632c-1df4-49af-8994-2965345a15bc", "value": "524300" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734812", "to_ids": true, "type": "vhash", "uuid": "192cb4a9-5a49-452b-b09f-c9ff77daedbe", "value": "25503665150ab0206ffe8861aff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734812", "to_ids": true, "type": "filename", "uuid": "8423521b-33b9-4042-a0b8-505539046905", "value": "Karkoff.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 13/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734812", "to_ids": false, "type": "text", "uuid": "66da06b3-a4d7-4b34-8e18-3ddba3e30cd5", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:50/72\nFirst Submission:2025-11-23T18:23:45.000000+00:00\nLast Submission:2025-11-23T18:23:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737368", "uuid": "0a5db389-fded-4fbf-adc3-7c81cf2ea601", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737368", "to_ids": true, "type": "md5", "uuid": "b90ebf94-54f1-4c49-a706-abad54c5a092", "value": "f4bac96a6772ae8ff2fa31cf186d3e91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735795", "to_ids": true, "type": "sha1", "uuid": "f5a75f0a-5b81-41b1-aa69-64b2f041a048", "value": "7c07e96669ddc170456fc4d3ee628547eefe07ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735795", "to_ids": true, "type": "sha256", "uuid": "24e118e8-c471-4a37-961e-31f5e0bcb7c9", "value": "ab2294175edbfa71cb275dac49deac2ffaf1dce4d0bab3c7d95ccb4bef684128", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734834", "to_ids": true, "type": "ssdeep", "uuid": "a5afa56e-037d-4df6-bb7a-39190cab17ef", "value": "6144:2ZPcKvY/K2XApxA4Q6cVP1c81CQhGwMJVKGfZoUalqBu87egsAuiAPJI:2JS/KFnA96cw81nMBEMBsAsPJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734834", "to_ids": false, "type": "size-in-bytes", "uuid": "dafe50a1-427b-4da4-ae87-bd4bd3c0ae97", "value": "524300" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734834", "to_ids": true, "type": "vhash", "uuid": "5f4ee426-7672-4eef-9e6c-bf65ddfdfb9d", "value": "25503665150b10206ffe8861aff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734834", "to_ids": true, "type": "filename", "uuid": "4c01b9ad-e7a4-47f3-a2c6-920679bded48", "value": "Karkoff.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 13/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734834", "to_ids": false, "type": "text", "uuid": "41c72d33-a8b9-4838-b20b-a9d093244ead", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Qwexlafiba!rfn\nVT Total Detection:45/72\nFirst Submission:2025-11-19T13:31:43.000000+00:00\nLast Submission:2025-11-19T13:31:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737389", "uuid": "9bc27391-e373-4405-a207-31aa9d3b48c0", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737389", "to_ids": true, "type": "md5", "uuid": "446b45a7-70dc-4a8b-a123-ec51dc21a540", "value": "108aa3a3b8fad670c4a2ce02259877bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735796", "to_ids": true, "type": "sha1", "uuid": "0af2f0de-a091-42c9-a6be-2b899c2aa1c7", "value": "e2df0c997174cb7342237c4ad1e4612445912cb9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735796", "to_ids": true, "type": "sha256", "uuid": "d70ba72f-655f-49b3-a3e2-e91d0ae13c65", "value": "82aed306209000cf29553bafde905b901a973e18bdec008ef13e311b65def1e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734877", "to_ids": true, "type": "ssdeep", "uuid": "30f109db-dd7c-4af9-8875-686a611d86ca", "value": "49152:Lo4sNrYQlLTscD97Bt2j92hpIU3Mj4M6qF5:Lo4sNrJDt2jkI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734877", "to_ids": false, "type": "size-in-bytes", "uuid": "d66e4402-33be-4e64-83eb-eb901c75d234", "value": "3620876" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734877", "to_ids": true, "type": "vhash", "uuid": "5d0b965b-be83-49a5-bd21-fdf4bf1c0ca5", "value": "23603655150ff043c7ffff523449ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734877", "to_ids": true, "type": "filename", "uuid": "4ad10c0b-3a67-4eca-a381-e2ee0228cc83", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734877", "to_ids": false, "type": "text", "uuid": "da078a8c-6664-4d17-a1ff-ffbc4f3ca999", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:5/72\nFirst Submission:2025-11-09T09:43:42.000000+00:00\nLast Submission:2025-11-09T09:43:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737411", "uuid": "a3b9bed4-4c50-49ae-8824-68bb10b44ffa", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737411", "to_ids": true, "type": "md5", "uuid": "32a16a71-0b7d-4f55-8b9f-04bfde1b69d6", "value": "d1fca52e1995ef7d8a2b9de2857451c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735798", "to_ids": true, "type": "sha1", "uuid": "872f3664-3bcc-4427-b3b6-5542e16cc050", "value": "dc6646e806ce7a4d78e734d0371fac85497c177f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735798", "to_ids": true, "type": "sha256", "uuid": "48ab8591-ab0d-4aa3-82c7-68f711c598ea", "value": "39dffe67bfa6e3a11dc12236d8fd7ddd294d7484b8d3811e39bb69b9c018ce9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734899", "to_ids": true, "type": "ssdeep", "uuid": "79ed36fb-dff7-4471-b9fe-b3c3b787af83", "value": "6144:DPcKvY/K2XApxA4QFQCQhGwMJVKGfZoUalqBu87egsAuiAPNo:zS/KFnA9FQnMBEMBsAsPN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734899", "to_ids": false, "type": "size-in-bytes", "uuid": "ed6e13c7-662a-44c9-a498-ce078dd50d19", "value": "524300" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734899", "to_ids": true, "type": "vhash", "uuid": "28a35f0e-90d3-4054-adac-d1fc771e3e3f", "value": "25503665150b10206ffe8861aff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734899", "to_ids": true, "type": "filename", "uuid": "a0f42041-15fd-4caa-a0d5-e1a32c386369", "value": "Karkoff.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734899", "to_ids": false, "type": "text", "uuid": "ff61a590-488f-4b4a-aa57-d0ab58571df5", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Etset!rfn\nVT Total Detection:49/72\nFirst Submission:2025-11-08T22:46:39.000000+00:00\nLast Submission:2025-11-08T22:46:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737432", "uuid": "c5a7c90d-807c-4966-a019-075e2289b5e1", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737432", "to_ids": true, "type": "md5", "uuid": "f4380a5a-20a0-47bb-bb09-74170e0219a8", "value": "7c967d8baade7fe1302331af41bbfd6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735798", "to_ids": true, "type": "sha1", "uuid": "2bc97c70-a534-45f6-83e2-3ae71a72f2b6", "value": "a27100f1a4016218264a8884642243beaee21d78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735798", "to_ids": true, "type": "sha256", "uuid": "60ad89a0-190c-4c87-bb98-60468c3a5cb8", "value": "ed156bb13fbeed684bbfa684a80113b15a81268f9f11a46b821c58009d8ebf91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734920", "to_ids": true, "type": "ssdeep", "uuid": "a00ce689-f97a-4398-bffe-169320934da5", "value": "49152:bx0e3WvRGjBjdSBt2ju2x2mUCLj/xo929:bx0e3WvRcxwt2jjo929" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734920", "to_ids": false, "type": "size-in-bytes", "uuid": "4324b735-51b5-4d37-b762-e905362a2c8a", "value": "3647920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734920", "to_ids": true, "type": "vhash", "uuid": "cd134ae9-269a-4aea-b6d4-4c7b8dc21514", "value": "23603655151ff043c7ffff523449ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734920", "to_ids": true, "type": "filename", "uuid": "22f15635-7f18-4f27-a1ae-a0d369ff2b9d", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734920", "to_ids": false, "type": "text", "uuid": "9ab08cd6-700f-4d34-ac61-538700362bb3", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:3/72\nFirst Submission:2025-10-24T03:21:43.000000+00:00\nLast Submission:2025-10-28T03:29:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737453", "uuid": "b4e60899-2b10-4321-9003-75c3d76f9547", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737453", "to_ids": true, "type": "md5", "uuid": "de139c39-1c52-4b50-8af8-c3e061f50fbd", "value": "b16da6e12d1ab11f15f9ec9e3e1647cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735800", "to_ids": true, "type": "sha1", "uuid": "136c4003-e51f-4f31-b7eb-81eff95a186a", "value": "9fbde0e42701b71b8f104e272aeb233db3824049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735800", "to_ids": true, "type": "sha256", "uuid": "9d0dfddd-2bc2-4d52-ace8-1b2f8a2bd4b1", "value": "329a9dba11608e22a979657aa70a8eca51f8a5b27f6eb5d656cfc6719df11785", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734942", "to_ids": true, "type": "ssdeep", "uuid": "7b416764-8939-4ecb-a2f3-6683ba28dc59", "value": "49152:Uo4sNrYQlLTscD97Bt2j92hpIU3Mj4M6qF55:Uo4sNrJDt2jkI5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734942", "to_ids": false, "type": "size-in-bytes", "uuid": "fac96e1c-5ec7-4ca6-8edf-fa80c45dcbda", "value": "3619752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734942", "to_ids": true, "type": "vhash", "uuid": "69f8ddb8-0c7b-4923-88ea-0aee824ff01f", "value": "23603655151ff043c7ffff523449ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734942", "to_ids": true, "type": "filename", "uuid": "43d299ef-3c1e-481a-b8a3-30fc23b0962b", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734942", "to_ids": false, "type": "text", "uuid": "af548639-ca09-4592-bd49-4c4eb6c8a2b0", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:6/72\nFirst Submission:2024-06-02T01:13:05.000000+00:00\nLast Submission:2024-06-02T01:13:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737474", "uuid": "30c9c56e-533f-443c-b862-f9f6db38c22d", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737474", "to_ids": true, "type": "md5", "uuid": "8af40ed7-8863-492e-87d2-678067b8144b", "value": "9719246c6b379ae1b1c0abe16532cdd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735801", "to_ids": true, "type": "sha1", "uuid": "445b6edc-ea01-4bf8-a72b-a6a4af2fc059", "value": "2b96c9bd7b7de4b0f0d1b7a966dd8edea1290b10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735801", "to_ids": true, "type": "sha256", "uuid": "b0f8c6f1-30d0-4e68-be45-7b28bc1d6bf3", "value": "84fbdf8825bf51f91ad8f52f6d650718d72ecdd54b719b20dc1a1ca0caf09038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776734985", "to_ids": true, "type": "ssdeep", "uuid": "314df8a7-7b78-4d5e-ac0b-218b8d6c30b7", "value": "6144:WPcKvY/K2XApxA4Q6cVP1c81CQhGwMJVKGfZoUalqBu87egsAuiAPNo:mS/KFnA96cw81nMBEMBsAsPN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776734985", "to_ids": false, "type": "size-in-bytes", "uuid": "a0084f5d-2ee9-488e-bc89-ea2779cfe2ae", "value": "509440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776734985", "to_ids": true, "type": "vhash", "uuid": "b978033a-4d0a-42f5-aa34-c460f3f54f56", "value": "25503665151b10206ffe8861aff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776734985", "to_ids": true, "type": "filename", "uuid": "b9e7a8ee-fcc5-49d8-8c27-eddeeb7c46eb", "value": "Karkoff.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776734985", "to_ids": false, "type": "text", "uuid": "2bd90a63-e860-469f-893f-00e952464dde", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:51/72\nFirst Submission:2025-09-09T18:49:31.000000+00:00\nLast Submission:2025-09-09T18:49:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737495", "uuid": "0221c825-770e-4e4a-a0de-cddc9d434d25", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737495", "to_ids": true, "type": "md5", "uuid": "f575cb03-fb64-4757-bf40-701564b9f701", "value": "80f30803495bb7e7c677cbe152ff20c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735802", "to_ids": true, "type": "sha1", "uuid": "acc2d189-2a46-4f0d-8951-17f8b9c90b0b", "value": "776283a6c6fed9864e899723aa14c472068b9106", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735802", "to_ids": true, "type": "sha256", "uuid": "c39f12bf-ed3c-45d0-9541-9153fc676170", "value": "21c7489b76d116458aa39f6c11e6df5de1b7f9b62ee3bcdf6abc7cd788f91892", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735007", "to_ids": true, "type": "ssdeep", "uuid": "9bd2e87a-c5ad-4c44-bb55-a354f7cce26d", "value": "49152:Ux0e3WvRGjBjdSBt2ju2x2mUCLj/Co92b:Ux0e3WvRcxwt2j4o92b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735007", "to_ids": false, "type": "size-in-bytes", "uuid": "8c4e4e5e-5be4-4203-8f8f-71a4a1917a69", "value": "3647920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735007", "to_ids": true, "type": "vhash", "uuid": "7a15e5ca-195e-4b34-bc83-fe69e10817b3", "value": "23603655151ff043c7ffff523449ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735007", "to_ids": true, "type": "filename", "uuid": "d56ffddf-e078-4f53-83b5-0096da20d0df", "value": "Officetools.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735007", "to_ids": false, "type": "text", "uuid": "ca488fa4-383b-4a49-8b46-0335ce072e1b", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:9/72\nFirst Submission:2025-08-17T14:35:57.000000+00:00\nLast Submission:2025-08-17T14:35:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737517", "uuid": "d806057c-2b47-4998-a59c-1d0c25ef5b44", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737517", "to_ids": true, "type": "md5", "uuid": "e3f2dd9d-1aea-4160-8419-7643e9015025", "value": "7b2b5821f11d02c1f71e59178a8da588", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735803", "to_ids": true, "type": "sha1", "uuid": "e2ebddb3-5b3f-4932-b6b4-33f2ce27c116", "value": "f90176c3c10743eecdccf3f937dd92a1b532495e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735803", "to_ids": true, "type": "sha256", "uuid": "6323efeb-6246-43cc-8629-8e8b8ef78e62", "value": "868ddffb91ca901aa746658fcf378a0170adefb665ea01ddaa7af11205dd4e63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735029", "to_ids": true, "type": "ssdeep", "uuid": "fdb2de86-152c-44de-96b7-1a871689933c", "value": "192:zdK75jMGGCTzAhN0j5vuHSStPCs4+jgVaxC5k3vqCYa:I7NPAhN0jRuH5t6qjgVaw5YqC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735029", "to_ids": false, "type": "size-in-bytes", "uuid": "39d82e0c-67a4-47e0-85f9-95df43fc7075", "value": "18944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735029", "to_ids": true, "type": "vhash", "uuid": "c94497ac-202d-4896-a3d5-9ad573b5fea8", "value": "185eaa0cc31bc9d1100c625678ea79b2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735029", "to_ids": true, "type": "filename", "uuid": "88269438-9e92-4c6d-8ca4-6381b55d9f62", "value": "vbaProject.bin" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735029", "to_ids": false, "type": "text", "uuid": "0b97960a-b25d-420e-bb3e-bae8fb1d49f1", "value": "Helix Kitten\r\nType Description: MS Word Document\nMicrosoft: TrojanDropper:O97M/Donoff.AG!MSR\nVT Total Detection:23/65\nFirst Submission:2025-01-10T17:55:10.000000+00:00\nLast Submission:2025-01-10T17:55:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737538", "uuid": "d148fb7f-768d-4d4d-8cff-77e5f80119bb", "Attribute": [ { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737538", "to_ids": true, "type": "md5", "uuid": "78284ebf-6fb6-4e97-98c6-1fdd967876be", "value": "227aeda76407491f1ddb91540ac081c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735804", "to_ids": true, "type": "sha1", "uuid": "378cf526-e772-4d79-bb0b-957b2194c7e0", "value": "92c0ba62211ed9785a895a302baef7b9d3003b1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Helix Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735804", "to_ids": true, "type": "sha256", "uuid": "c8e52746-497e-404c-950e-f72a02415dd9", "value": "7cb4912ed6334fe2b1ea5acd05ae14d55d2ac644644dbf0e0e0f4eb122655a4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735051", "to_ids": true, "type": "ssdeep", "uuid": "ee1eaf21-e460-4b84-b081-a35ffc0dd411", "value": "196608:a7JvoIcYk2izyUNItAwgXg1YlVJwAWSCoI3Mv9zqEt:aVvNwLPNI9gO6YAhHI3MRqC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735051", "to_ids": false, "type": "size-in-bytes", "uuid": "7acab606-8aff-4686-af97-dfb203899e29", "value": "7865002" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735051", "to_ids": true, "type": "vhash", "uuid": "27498479-d25c-4bcd-a8ac-9c661ec75c24", "value": "076046655d1550901031z90088z5015z8010031fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735051", "to_ids": true, "type": "filename", "uuid": "cb5c7126-d69a-4db6-9706-3c8a1d21bbe4", "value": "aq9990qh.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735051", "to_ids": false, "type": "text", "uuid": "cad4dc4c-3e45-419c-895b-ca8a680b5a62", "value": "Helix Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:33/72\nFirst Submission:2025-07-25T04:41:07.000000+00:00\nLast Submission:2025-07-25T04:41:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737559", "uuid": "2685bd1a-fadd-4f0a-81fb-073872db2181", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737559", "to_ids": true, "type": "md5", "uuid": "af9c5847-72f3-4b5b-a5bc-a2cf9e002b49", "value": "5a1093f00ba33c6d7eed528a00593bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735805", "to_ids": true, "type": "sha1", "uuid": "b68d60be-456d-4861-a5e1-639363f44f76", "value": "47a6d97418813f88b452f18eb48517b1f9339a10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735805", "to_ids": true, "type": "sha256", "uuid": "9463b366-fae1-462d-8dd5-7d5f701b4604", "value": "f0db6ec65d99e28b20be7e5852217d74cc31e7cfb6ca5b267988a7bcf640bceb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735073", "to_ids": true, "type": "ssdeep", "uuid": "7c2b15b3-62d9-494d-a0f2-d2a072b8e400", "value": "196608:vmUNqzO7rUOREGAXyzHCGCTJ+y8vcexLutMWz383xlPGh:vmE4og+EGTijTR8vZPNDPGh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735073", "to_ids": false, "type": "size-in-bytes", "uuid": "e02815fc-a103-4241-92a2-362eb244195d", "value": "8154624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735073", "to_ids": true, "type": "vhash", "uuid": "2ca07b29-0d8a-4719-b2ea-796246f7974a", "value": "0860866d1c0d5c051565703162z3600247z2035z23z403dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735073", "to_ids": true, "type": "filename", "uuid": "f1dfbe06-d6ab-4d0c-b92c-395c8494f319", "value": "waxxbtk.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735073", "to_ids": false, "type": "text", "uuid": "22080026-f0db-4d1e-bb8e-52d8ef86e592", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Agent.SN\nVT Total Detection:60/72\nFirst Submission:2025-12-29T05:25:34.000000+00:00\nLast Submission:2025-12-29T05:25:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737580", "uuid": "f6401d39-f089-4d9b-887c-8a6ba6812c49", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737580", "to_ids": true, "type": "md5", "uuid": "302733a6-8cd8-4b4d-ba4a-57757dae2c0c", "value": "65056d4b482300cec580affa8107528f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735806", "to_ids": true, "type": "sha1", "uuid": "0c436a0d-ea29-40a2-8876-2fbd80cd4c30", "value": "471f6a8d8cd9fe8fbadf6b738fad2d3a0ce3bc02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735806", "to_ids": true, "type": "sha256", "uuid": "f625ff1c-4f59-47f6-94a6-bf6edf2315f7", "value": "5b660a33f9c2ed707f652259dc9e14267673411b3ba82d5f1ffddbd4f911946f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735137", "to_ids": true, "type": "ssdeep", "uuid": "7a6e0025-3cfe-4ea4-b6b3-353c5e5ea3ae", "value": "3072:idEz+ucUULk395hYXJbjdn/+5M14EWlsdg2/ONnDWXmE10C1g2oqT:+ESBQqJd/YMH5q2yS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735137", "to_ids": false, "type": "size-in-bytes", "uuid": "98312d8c-eb3f-45be-88ea-d40434224603", "value": "241696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735137", "to_ids": true, "type": "vhash", "uuid": "202506ad-14f2-49f6-a15a-f43c4517ffac", "value": "0250365d057)z773z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735137", "to_ids": true, "type": "filename", "uuid": "9da0b4ed-e647-43d0-b553-99c153d143ea", "value": "bibi9312.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 20/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735137", "to_ids": false, "type": "text", "uuid": "ba2f0c17-eff5-42a2-9798-858751d68a09", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Comame!gmb\nVT Total Detection:64/72\nFirst Submission:2013-04-28T18:25:11.000000+00:00\nLast Submission:2013-04-28T18:25:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737601", "uuid": "6b1e82f1-9162-46a5-8044-7b3ab2fbe4f4", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737601", "to_ids": true, "type": "md5", "uuid": "5362d121-5eb8-47e8-a5ac-7611ed11c0ea", "value": "d473d7fce8c882826b28edac7aee5a2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735807", "to_ids": true, "type": "sha1", "uuid": "3c15a046-18ea-457d-8d15-11833fc6cb9b", "value": "48c88760e8ebce0d18fa4d69c242452369aed077", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735807", "to_ids": true, "type": "sha256", "uuid": "cf690af1-6a5c-4ae1-86e6-1318c5d4441b", "value": "3de323d20b42d59f554f4d0c66c27041ba97b3a083f2674e67b234c869e5d6a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735158", "to_ids": true, "type": "ssdeep", "uuid": "688cf7e6-6903-40ca-99ff-5f60c1d0c6f4", "value": "6144:A6U9F0RstGdKJH5wmmN12rQTh6j4O+UBo1/C:pU9FukvJOej4O+mo9C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735158", "to_ids": false, "type": "size-in-bytes", "uuid": "d5b4bd25-44bc-4f9b-aae3-efb0c47011c0", "value": "263936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735158", "to_ids": true, "type": "vhash", "uuid": "27b28402-5895-4358-81f6-fcc57fac9018", "value": "0250456d5e655\"z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735158", "to_ids": true, "type": "filename", "uuid": "0b58cf28-dbb5-4c04-a12a-3a3caeef1e79", "value": "2025-10-09_d473d7fce8c882826b28edac7aee5a2d_elex_xor-ddos" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735158", "to_ids": false, "type": "text", "uuid": "87dbff21-b43a-42c0-a506-dba82eb9f3be", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:33/72\nFirst Submission:2025-10-09T11:56:54.000000+00:00\nLast Submission:2025-10-09T20:18:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737622", "uuid": "181ed03c-b8ba-4bdf-b780-d62cdf1711c5", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737622", "to_ids": true, "type": "md5", "uuid": "5f8b8f29-b50c-4381-8ef9-f6834c0e2b92", "value": "077d89084c21d0476078f99a9c984381", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735809", "to_ids": true, "type": "sha1", "uuid": "639d48fa-f45d-455d-9e5b-0a5cb5a8c5bb", "value": "be6f8e23f3023e48d4e7483e54d594d771d787e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735809", "to_ids": true, "type": "sha256", "uuid": "893ad7ec-e961-4c00-89f4-4628ba725ea0", "value": "ae9253a1fbd24a5555c8b1e43f383808cac8414012877ddd0d2619c13bb894d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735180", "to_ids": true, "type": "ssdeep", "uuid": "9eec1040-6727-4128-b070-66b47455cda7", "value": "768:FIESi03Vzq5Q+z/yKfZ+wAFgQ8YAJolh7kE3:FIEV0xq5LzZ+wijIoPkE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735180", "to_ids": false, "type": "size-in-bytes", "uuid": "d9c7bcfb-43d7-417a-ae93-032c86d2281f", "value": "57347" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735180", "to_ids": true, "type": "vhash", "uuid": "8b585d7a-2920-44f5-ab29-3d2448a43b4d", "value": "054046655d151075z8002dmz21fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735180", "to_ids": true, "type": "filename", "uuid": "3acd6204-c1cc-41f9-a231-6a4a28802cc3", "value": "suonerie-loghiGRATIS.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735180", "to_ids": false, "type": "text", "uuid": "d1a88ce5-f253-4025-ad4f-09f356c60e13", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/Bitrepeyp.B\nVT Total Detection:51/72\nFirst Submission:2013-01-11T20:34:02.000000+00:00\nLast Submission:2025-09-30T13:23:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737643", "uuid": "5de6e81d-a97a-4216-aaa7-ba18204bfb3e", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737643", "to_ids": true, "type": "md5", "uuid": "2dbb6704-ae25-4863-9d1a-e2dd84c0c5e7", "value": "27cfc9b437442dc718594dd8827c8a7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735809", "to_ids": true, "type": "sha1", "uuid": "7d39c2b0-b601-4e00-a0de-dd27fdf01b9d", "value": "4678cc3e8003883ffce2ac99987e0aeafbb999ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735809", "to_ids": true, "type": "sha256", "uuid": "727bc889-1691-479d-b573-47d72abf0cc8", "value": "e348eafc6560347cceb1b86e242db9ee6a87ba50328e5897741506ed56a28338", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735202", "to_ids": true, "type": "ssdeep", "uuid": "88713f14-bcb3-41b8-858c-1646a4441de4", "value": "49152:tRhRbpJlKHc5GQQBwNR1ynMoMCCb/lrN7geSxJaZ:9R9685swfTjb/lYS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735202", "to_ids": false, "type": "size-in-bytes", "uuid": "cc9eee1c-c63b-4bc4-a75d-0898104f5647", "value": "2482176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735202", "to_ids": true, "type": "vhash", "uuid": "db0276da-603a-4e5f-ab1c-28438f81d25c", "value": "0260365d057)z553z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735202", "to_ids": true, "type": "filename", "uuid": "88c6d56c-8a4c-4aea-b0c0-d9671eec897a", "value": "2k366okk.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735202", "to_ids": false, "type": "text", "uuid": "3b44449a-e526-49ea-9e47-1c909e47fd0b", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win32/VB!pz\nVT Total Detection:64/72\nFirst Submission:2025-09-28T05:35:11.000000+00:00\nLast Submission:2025-09-28T05:35:11.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737664", "uuid": "2f6fa231-6639-4bff-8cf4-dd6093f56a69", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737664", "to_ids": true, "type": "md5", "uuid": "1398f55b-fa8b-4dbd-8490-64abdcaf41ea", "value": "a80ce95f6e44df87958ebdf1ed1a52a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735811", "to_ids": true, "type": "sha1", "uuid": "9f0cc8f0-0620-4894-9208-5ad9ade86193", "value": "f1d8f5df91845119adfa77b6bab0bca3f624160f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735811", "to_ids": true, "type": "sha256", "uuid": "049012c7-2e98-4415-8a06-89212cf51550", "value": "3ec8ad4d01ddfb46ae67871c585689610a9bf9c49e875bd5024aa0066c5fd974", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735224", "to_ids": true, "type": "ssdeep", "uuid": "e6ab8582-de26-4a45-8e82-e21a91b334bc", "value": "3072:gLk395hYXJbjdn/i5YPM4E6lzWMvpDtMbNnDWXmE10C1g2oCEC:gQqJd/HPM4rlz7DGl2yvC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735224", "to_ids": false, "type": "size-in-bytes", "uuid": "c195b429-bf44-4986-9fcb-bdcee170a5db", "value": "152056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735224", "to_ids": true, "type": "vhash", "uuid": "ad26263a-cc45-4940-acd9-dabedd41d71a", "value": "015056655d5c05109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735224", "to_ids": true, "type": "filename", "uuid": "812f9bc9-1d16-42bb-9105-0be998cd6b39", "value": "bibibei.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735224", "to_ids": false, "type": "text", "uuid": "b0309036-da3f-4e9b-9837-257383aaade4", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/Creprote\nVT Total Detection:36/72\nFirst Submission:2011-02-28T02:32:00.000000+00:00\nLast Submission:2011-03-07T23:24:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737688", "uuid": "7a52aba5-d31b-498c-ad8d-c737320d3013", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737688", "to_ids": true, "type": "md5", "uuid": "ffdb0675-1372-42a5-bd71-73cf2480fce3", "value": "3a16ff9a3d35eb69ec6df5623065f2a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735812", "to_ids": true, "type": "sha1", "uuid": "6553f558-a9ec-409c-9ec9-a2310e776673", "value": "456b783388e58f175d3e98929abdc72aee01c70d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735812", "to_ids": true, "type": "sha256", "uuid": "0a8a61a7-2fa0-4133-b8f2-af1e77ddad2d", "value": "e8af311c4b2fa648a31447487c9172e87511e394091aaa3733af328bc94a39b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735245", "to_ids": true, "type": "ssdeep", "uuid": "d181368f-0d5e-4b14-ad91-66351685756f", "value": "196608:amUJTqzO7rUOREGAXyzHCGCTJ+y8vcexLutMWz383xliGD:amOT4og+EGTijTR8vZPNDiGD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735245", "to_ids": false, "type": "size-in-bytes", "uuid": "43263741-4a21-42c8-ad89-7b108a0ca6f2", "value": "8154112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735245", "to_ids": true, "type": "vhash", "uuid": "7b5e1a74-fe2f-449d-84e1-f35712cba83e", "value": "0860866d1c0d5c051565703162z3600247z2035z23z403dz" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735245", "to_ids": false, "type": "text", "uuid": "7fffc4d1-d49a-439a-848d-9d6f2418c60d", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Agent.SN\nVT Total Detection:56/72\nFirst Submission:2025-07-21T10:07:16.000000+00:00\nLast Submission:2025-07-21T10:07:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737709", "uuid": "be134293-c8a7-452e-9416-5c1d66c87c8a", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737709", "to_ids": true, "type": "md5", "uuid": "4ddc1bcd-2be8-415e-98a0-7902da2cfebb", "value": "ea7ad3ffe935b1362c822bc675d76934", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735812", "to_ids": true, "type": "sha1", "uuid": "1b2ab28d-7cba-4fc9-bca5-2b2dadb61086", "value": "e50d8a3e9bae8e6f829836cf0a9874f2206b0926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735813", "to_ids": true, "type": "sha256", "uuid": "5012cf9f-0a41-44b0-9f3c-dc20e5a9555e", "value": "b5f4e3d23584fe9b3a5f745246f660859cbad630b6d857cf585a1a50526075ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735267", "to_ids": true, "type": "ssdeep", "uuid": "d6623621-c03d-4b56-9159-2a7f35cf87c1", "value": "24576:C0nmFlXJ/bpJlSMYhBr7g5GQQiQwNRxuExmysjnFxcyCf8m2oU6HGH9U:ChRbpJlKHc5GQQBwNR1ynMoMCS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735267", "to_ids": false, "type": "size-in-bytes", "uuid": "cb005607-88cc-4b06-9195-61a920c5a4ac", "value": "1676824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735267", "to_ids": true, "type": "vhash", "uuid": "ed0cf6f7-f06c-456d-b6f9-d253f5a67ef5", "value": "016056655d5c05509043z8003f7z37z72z3c03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735267", "to_ids": true, "type": "filename", "uuid": "c029060f-dbf3-42b4-ba12-278012beaf3b", "value": "1118.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735267", "to_ids": false, "type": "text", "uuid": "8d671b12-9f09-4965-a547-e88cdf5722ba", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Suschil!rfn\nVT Total Detection:46/72\nFirst Submission:2025-07-03T20:14:45.000000+00:00\nLast Submission:2025-07-03T20:14:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737730", "uuid": "e9d502d3-fbe2-4d96-9ae5-fe421ccb73d9", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737730", "to_ids": true, "type": "md5", "uuid": "ddd557bd-3ec5-4550-8b70-16a0b4b7cfbd", "value": "a9a936123e236677262eef99d3c8e19e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735813", "to_ids": true, "type": "sha1", "uuid": "e8c89e8a-42c0-49d7-a615-5dab25ce7270", "value": "16cea23a2ace5f03c258d73e87547b79172742b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735813", "to_ids": true, "type": "sha256", "uuid": "e7db3f0d-b1d2-4c3b-9aaa-dfcd9b71762c", "value": "9635022b65fe37430d0d5b225453e884028f30ec860f5219d1f6fce9b135250f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735288", "to_ids": true, "type": "ssdeep", "uuid": "27475d69-957e-427e-b421-5613cb7c2b0f", "value": "12:iYgOt+UAEC7gEcdSi1d2ZK0Fcn6HlNtC3rPgJvQ5vXA5neDmB0PIW:isAZ7BcdSmdwH/o34QFw5p0h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735288", "to_ids": false, "type": "size-in-bytes", "uuid": "36978174-ca83-4d87-9c7b-e6077957f2ee", "value": "592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735288", "to_ids": true, "type": "filename", "uuid": "67092eb3-28ff-4eb3-b30b-cf006e7dabc3", "value": "VirusShare_a9a936123e236677262eef99d3c8e19e" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735288", "to_ids": false, "type": "text", "uuid": "2b7477a6-a730-4c19-a8ef-c2b3bb439798", "value": "Banished Kitten\r\nType Description: DOS EXE\nMicrosoft: Virus:DOS/Dune\nVT Total Detection:33/62\nFirst Submission:2013-05-17T21:44:16.000000+00:00\nLast Submission:2013-05-17T21:44:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737751", "uuid": "aaa881c2-2a4a-4e9c-8697-4ef7895a3615", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737751", "to_ids": true, "type": "md5", "uuid": "c4c5ea73-6650-42ab-978d-d1ad914867d8", "value": "62ed85aaee2bb158e7c90972edaef959", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735814", "to_ids": true, "type": "sha1", "uuid": "94ebc35b-c967-4fd6-b229-47b9b4f6e256", "value": "9fa9afa23ca85f00ca41352cc3b7fde63d5842e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735814", "to_ids": true, "type": "sha256", "uuid": "86eca35b-74d1-40c1-92e6-1d45331a86f9", "value": "4441a74be356426a24f2fe81806611f7d19e0cbc83020d283843383cf659dee9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735310", "to_ids": true, "type": "ssdeep", "uuid": "02b5b634-b817-41f2-9d33-d95fe7535cdb", "value": "768:eIESi03Vzq5Q+z/yKfZ+wAFgQ8YAJo+tbuV:eIEV0xq5LzZ+wijIoOb8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735310", "to_ids": false, "type": "size-in-bytes", "uuid": "60b1aba0-eadf-49a2-92f2-a2e18bb4ba09", "value": "61443" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735310", "to_ids": true, "type": "vhash", "uuid": "0df47854-530b-46ec-bbd5-74c14975aca2", "value": "064046655d151075z8002dmz21fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735310", "to_ids": true, "type": "filename", "uuid": "7c7e8b4d-af0f-48f8-8c25-cfe66f3a95d9", "value": "usd52.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735310", "to_ids": false, "type": "text", "uuid": "6c1b2f62-3cc4-4e92-91c3-ffae31e0368b", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/Bitrepeyp.B\nVT Total Detection:52/72\nFirst Submission:2012-12-09T09:38:15.000000+00:00\nLast Submission:2012-12-09T09:38:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737773", "uuid": "84a5a48d-ecc2-4bac-b5c6-3814ae3b2bd2", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737773", "to_ids": true, "type": "md5", "uuid": "c4e176c8-4379-45ed-aea6-7514b0e5293a", "value": "1360cec5785dcc74476aa9e953c18d30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735815", "to_ids": true, "type": "sha1", "uuid": "c1d95d7a-4c17-48c0-a84c-6bf331876997", "value": "b97ff72ed2b84fd3a800a6e13d094ed8db763aff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735816", "to_ids": true, "type": "sha256", "uuid": "d035cbd8-8d2b-4a98-a92d-26496c3c80fb", "value": "f7d122ddbce110fbe0207e0a32f61f5074e920730f79bf7668278ac83f7a5a7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735332", "to_ids": true, "type": "ssdeep", "uuid": "750c9713-6c68-4db9-987f-0d58e30c2e2e", "value": "768:LjMVAqCbAPFq5pXQCKfNtT/Mv80gQ8YAJoiPaK:3qAdbkq5pXOhMU0jIoy3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735332", "to_ids": false, "type": "size-in-bytes", "uuid": "ebf2282c-b0b4-4a45-bd2e-0d6edade6b8f", "value": "57347" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735332", "to_ids": true, "type": "vhash", "uuid": "f2fcc94e-4dc1-4e29-ba40-a5236d8b9680", "value": "054046655d151075z8002dmz21fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735332", "to_ids": true, "type": "filename", "uuid": "f5e60f68-d963-40ba-9c21-700f4c391fd0", "value": "1360cec5785dcc74476aa9e953c18d30.virobj" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735332", "to_ids": false, "type": "text", "uuid": "fc0b9172-e087-41ca-83a1-e99e3886f2c1", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:44/72\nFirst Submission:2017-07-27T16:23:36.000000+00:00\nLast Submission:2017-10-22T23:50:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737794", "uuid": "8225e460-6c69-4a6b-9d99-1bbacb490615", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737794", "to_ids": true, "type": "md5", "uuid": "96aa6923-263d-4ef4-999c-6d304c18e1cd", "value": "49310bc0a98a9dcf5588565d967f8021", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735816", "to_ids": true, "type": "sha1", "uuid": "c998206e-a92b-4053-83ca-74f31bc2b13d", "value": "5eacd05d48cdfd72c7e114ae050b3cd1b4def95b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735816", "to_ids": true, "type": "sha256", "uuid": "f0b9193b-e4d3-4c3f-90f2-fee6de866182", "value": "ba9a8222354b8a2659d594c92477f4684ffde41fbb833c83a13fb609fee90f61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735354", "to_ids": true, "type": "ssdeep", "uuid": "580f7114-1cb9-4fcf-b263-b5faa7d3360c", "value": "24:LIyR8dK5jGUuYoTVLvOV+IdPowyxbiSR5zQ8SMMQj04rW9qBEXuJ0d0xTMLvOV+4:XRFYUuYqvRiwMQjgXLdbvE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735354", "to_ids": false, "type": "size-in-bytes", "uuid": "053f2490-b141-45a6-9b16-de0f0f5e1217", "value": "6769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735354", "to_ids": true, "type": "filename", "uuid": "e7d8acfd-a2db-4dc6-b648-a84e89a356ee", "value": "ba9a8222354b8a2659d594c92477f4684ffde41fbb833c83a13fb609fee90f61.vir" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735354", "to_ids": false, "type": "text", "uuid": "0e7732b2-1712-4209-b63d-2dbbbd15a65d", "value": "Banished Kitten\r\nType Description: DOS EXE\nMicrosoft: Virus:DOS/Tankard_493.B\nVT Total Detection:26/62\nFirst Submission:2012-10-22T17:03:50.000000+00:00\nLast Submission:2012-10-22T17:03:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737815", "uuid": "26b98702-efc6-4f72-9f81-b4c211600dde", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737815", "to_ids": true, "type": "md5", "uuid": "4c3560d1-c0dc-4899-8bbb-75bc0236a6f4", "value": "8678cca1ee25121546883db16846878b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735817", "to_ids": true, "type": "sha1", "uuid": "cd70fafc-623c-41dc-a752-b795ac36b31f", "value": "db38eeb9490cc7946b3ed0cf3759acb41666bdc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735817", "to_ids": true, "type": "sha256", "uuid": "e08e87b5-e246-48b1-9608-72b2045d0fb7", "value": "e28085e8d64bb737721b1a1d494f177e571c47aab7c9507dba38253f6183af35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735375", "to_ids": true, "type": "ssdeep", "uuid": "fb9ba3b1-3b47-4d5f-9683-cdf711faf9f2", "value": "384:hW0TTEY/ORWnUUfIJIaB8q0MI2KnNf8lLNRAiffffYkP7GLzYcHe+cPow:90Y/YCIxajBNf8dzjYzYcHe+cPow" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735375", "to_ids": false, "type": "size-in-bytes", "uuid": "0ce6392f-575b-4e08-9a30-e810884e87e3", "value": "19968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735375", "to_ids": true, "type": "vhash", "uuid": "7581fa8f-b845-4e15-bdfc-0eb9ef8ad86f", "value": "21403655151110891620027" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735375", "to_ids": true, "type": "filename", "uuid": "6978ac9f-285a-4911-932b-3c030e3883fe", "value": "Hatef.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 15/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735375", "to_ids": false, "type": "text", "uuid": "84d51948-f065-41d4-a3eb-3cc2f4c0a9a1", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Seheq!rfn\nVT Total Detection:54/72\nFirst Submission:2023-12-17T19:10:35.000000+00:00\nLast Submission:2023-12-17T19:10:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737836", "uuid": "8355d2a6-e445-46a9-ba77-61d0d9e65007", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737836", "to_ids": true, "type": "md5", "uuid": "907a53fb-99ea-4109-8d22-d77366455ee0", "value": "755c0350038daefb29b888b6f8739e81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735818", "to_ids": true, "type": "sha1", "uuid": "605b92e2-0dd5-464d-8c86-7a061f1d3b86", "value": "5b2f56953b3c925693386cae5974251479f03928", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735819", "to_ids": true, "type": "sha256", "uuid": "162de1cf-cf6c-4dc5-8756-ce8cd82be5b5", "value": "4491901eff338ab52c85a77a3fbd3ce80fda738046ee3b7da7be468da5b331a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735397", "to_ids": true, "type": "ssdeep", "uuid": "db0003e6-e5e3-4474-a43b-67818385da5f", "value": "24576:RHA1jDC3rgrKPucdYUxVXshqWzHt0IBLzvavUXUjLzC:6NSwKPucuUxVX+zmvU4C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735397", "to_ids": false, "type": "size-in-bytes", "uuid": "dc50f547-fb75-42fe-a35f-7f65688c3ff3", "value": "6338272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735397", "to_ids": true, "type": "vhash", "uuid": "98900708-0e32-429a-8f95-7d85d7e773ac", "value": "066066651d1c0515509043z800467z47z62z4403dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735397", "to_ids": true, "type": "filename", "uuid": "362b8ba2-71a7-486b-a701-1df666b62af3", "value": "CrowdStrike Updater.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 15/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735397", "to_ids": false, "type": "text", "uuid": "4d0e78c5-6a28-4d7e-b6a9-a56456b3e8f9", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:51/72\nFirst Submission:2024-07-20T11:21:59.000000+00:00\nLast Submission:2025-11-19T16:55:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737857", "uuid": "2fa0217d-88f8-4af5-a370-b18ceafaa527", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737857", "to_ids": true, "type": "md5", "uuid": "5f8243b6-6704-498a-8a40-9dcee1c1752e", "value": "2ff97de7a16519b74113ea9137c6ba0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735819", "to_ids": true, "type": "sha1", "uuid": "2708ac2d-391a-4c02-afa1-34c4464d7fe2", "value": "5def5e492435cfd423e51515925d17285b77cdbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735819", "to_ids": true, "type": "sha256", "uuid": "de1898e4-7433-4d37-9eb0-0622082f8e73", "value": "fe07dca68f288a4f6d7cbd34d79bb70bc309635876298d4fde33c25277e30bd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735419", "to_ids": true, "type": "ssdeep", "uuid": "3c37f13b-825f-4fd0-9d7c-3a303c1593a1", "value": "24576:XDOJwgb7bpJsYbPQ4LiGlKMA4DQpYkZWAT8mB+lEq2O5f5qmT:X4j9KYbPQ4uGfd06kZWi8my5f5z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735419", "to_ids": false, "type": "size-in-bytes", "uuid": "0407966c-d367-4eeb-9d84-85eb9832681f", "value": "1007440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735419", "to_ids": true, "type": "vhash", "uuid": "31aa8354-a4e3-4f35-828c-a840cbb6ea56", "value": "2160367515130010c2328204a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735419", "to_ids": true, "type": "filename", "uuid": "fdaf165a-d07b-4b81-8b9d-5f642e561c69", "value": "F5UPDATER.exe" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 15/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735419", "to_ids": false, "type": "text", "uuid": "44670c85-3c05-4e73-9f29-aad91ed621b1", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Seheq!rfn\nVT Total Detection:49/72\nFirst Submission:2023-12-17T13:39:33.000000+00:00\nLast Submission:2023-12-17T13:39:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737878", "uuid": "a7d6feb7-efc5-45f3-ba7f-a8d06641d8df", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737878", "to_ids": true, "type": "md5", "uuid": "6adeb659-5fda-44cf-bf39-9ae06928eecb", "value": "67153c3927389fe6fb6b37d271d49f9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735821", "to_ids": true, "type": "sha1", "uuid": "1028ae0a-a89a-4361-b1b5-e578544c5771", "value": "0dd54d4cd2e00d00a1f481f20cad4c6dc4fa8293", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735821", "to_ids": true, "type": "sha256", "uuid": "6d004a28-7dbf-4a92-8b9b-6da22ef34ffe", "value": "10d2b5f7d8966d5baeb06971dd154dc378496f4e5faf6d33e4861cd7a26c91d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735440", "to_ids": true, "type": "ssdeep", "uuid": "fc8a9c64-d023-4144-a03f-d91b64a4f273", "value": "98304:Tv9p8+oEor18yNkEPw+c2LsziqycQq+kczMvz:x5oEeXwXiqhEWz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735440", "to_ids": false, "type": "size-in-bytes", "uuid": "8682760b-0f75-46d9-900f-ce3ab46e328e", "value": "6129496" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735440", "to_ids": true, "type": "vhash", "uuid": "8d900d17-0093-465a-9f3b-3c9e5cd4b9c6", "value": "6a4d59ff9caa3667f9cdd1ab22900e04" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735440", "to_ids": true, "type": "filename", "uuid": "3633e0dc-b29a-42cb-8772-6eb130c6dc70", "value": "600992___708c78b6-3974-492d-8059-43a55eb8614c.elf" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735440", "to_ids": false, "type": "text", "uuid": "a61fb261-7fe8-4b08-80c9-320203804d42", "value": "Banished Kitten\r\nType Description: ELF\nMicrosoft: Ransom:Linux/NoEscape.A!MTB\nVT Total Detection:37/65\nFirst Submission:2023-09-29T12:44:53.000000+00:00\nLast Submission:2024-09-09T14:59:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737899", "uuid": "17883ec3-e497-46ad-bc15-ad628f0d45c6", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737899", "to_ids": true, "type": "md5", "uuid": "3a8317ea-275f-477b-9ab2-868fc35db0dd", "value": "5779cec690b5bbc61687381ae8a8d518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735822", "to_ids": true, "type": "sha1", "uuid": "f1cf57a0-4fe8-45eb-ae89-eb52f1f3ca49", "value": "aa8ebc0b00d116cfe46245e0bb4a0b5108aadc0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735822", "to_ids": true, "type": "sha256", "uuid": "c346d581-231f-4b82-b6a0-9b5168f71d45", "value": "73c19eab8d2ae58db3968dd7de0e745db2d7709859305b113b748bb02494465e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735462", "to_ids": true, "type": "ssdeep", "uuid": "41423e90-e2d7-4d6b-89fb-4f244665d5ba", "value": "12288:RHI2TK7CMZy0+6ni9nGfD6R0T5xyl2sQVaJmXBWj/48oNHu:RHP0T5x22bmaqlmH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735462", "to_ids": false, "type": "size-in-bytes", "uuid": "b3ea3a4b-9fac-4bd9-803b-f736dee8c6c1", "value": "481792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735462", "to_ids": true, "type": "vhash", "uuid": "6335bdec-068c-4006-b888-905d1ce07ede", "value": "045056655d755561c3z10100891z33z8065z23z75z87z" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735462", "to_ids": false, "type": "text", "uuid": "ac6a1ac8-b17e-4374-8d26-be4bd247d2e1", "value": "Banished Kitten\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/NoEscape.MKV!MTB\nVT Total Detection:51/72\nFirst Submission:2023-08-22T05:50:56.000000+00:00\nLast Submission:2023-08-24T00:13:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1776737921", "uuid": "64bb899a-2088-4722-bf6a-2c885d073570", "Attribute": [ { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1776737921", "to_ids": true, "type": "md5", "uuid": "dca8fcbe-d9e2-425c-9936-e3f3980d350d", "value": "c850f6816459e3364b2a54239642101b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1776735823", "to_ids": true, "type": "sha1", "uuid": "9d1da854-b8c4-4b9e-bb13-99072606ef77", "value": "30c60f18279ed5fd36e3ac2d3ba5ddbdc5d1f624", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Banished Kitten", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1776735823", "to_ids": true, "type": "sha256", "uuid": "2128d98c-7eb1-4e45-88b1-ceda71f7a26c", "value": "21162bbd796ad2bf9954265276bfebea8741596e8fe9d86070245d9b5f9db6da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1776735484", "to_ids": true, "type": "ssdeep", "uuid": "78b064f4-378c-434d-8c4b-74735497b7df", "value": "98304:nxygRxtJ8tcZe32l/+jMSXYTU4BcoPfa8/X:Stc0kbSXWJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1776735484", "to_ids": false, "type": "size-in-bytes", "uuid": "f15a4d50-cef4-4544-b93b-f82fa44cbaaa", "value": "5301056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1776735484", "to_ids": true, "type": "vhash", "uuid": "d9c70d62-fd03-4808-b247-8b077bb116f0", "value": "0a62b3f50edd75a46a4c0c0b4ad4e4b5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1776735484", "to_ids": true, "type": "filename", "uuid": "ccbf8bf7-c065-410c-9123-bc624ac7c615", "value": "21162bbd796ad2bf9954265276bfebea8741596e8fe9d86070245d9b5f9db6da.elf" }, { "category": "Other", "comment": "Checked: 21/04/2026\nLast-scan\t: 21/04/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1776735484", "to_ids": false, "type": "text", "uuid": "728db68e-7062-4309-b84b-cc638bf61df2", "value": "Banished Kitten\r\nType Description: ELF\nMicrosoft: Ransom:Linux/NoEscape.A!MTB\nVT Total Detection:38/65\nFirst Submission:2023-06-04T02:30:49.000000+00:00\nLast Submission:2024-11-22T00:53:54.000000+00:00" } ] } ] } }