{ "Event": { "analysis": "1", "date": "2026-03-04", "extends_uuid": "", "info": "[Threat Intel] Breaking Down the Role of Cyber Operations Taken in the Iran Crisis", "protected": false, "publish_timestamp": "1776070486", "published": true, "threat_level_id": "2", "timestamp": "1772824073", "uuid": "41f768c4-dbfc-41bc-9118-15ec7109609f", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1561.002\"", "relationship_type": "" }, { "colour": "#790faf", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Direct Network Flood - T1498.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#5b3acc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Disk Wipe - T1561\"", "relationship_type": "" }, { "colour": "#c202a1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#8f36b9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Reflection Amplification - T1498.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#866c0c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Active Scanning - T1595\"", "relationship_type": "" }, { "colour": "#6ef296", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"", "relationship_type": "" }, { "colour": "#251b6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": "" }, { "colour": "#cf2da1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#a24b57", "local": false, "name": "misp-galaxy:target-information=\"United Arab Emirates\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"iran\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"elf.iocontrol\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Bahrain\"", "relationship_type": "" }, { "colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Defense\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Finance\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Government, Administration\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Health\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"News - Media\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Technology\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Telecoms\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Transport\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Data Destruction\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-techniques=\"Module Firmware\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772679607", "to_ids": false, "type": "link", "uuid": "63f00d31-fd02-4eb4-825f-cb3469822929", "value": "https://www.levelblue.com/blogs/spiderlabs-blog/levelblue-spiderlabs-breaks-down-the-role-of-cyber-operations-taken-in-the-iran-crisis" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1772679607", "to_ids": false, "type": "text", "uuid": "d97ea7fd-7f50-497e-9794-5553fe0cd56f", "value": "The report analyzes the cyber aspects of the ongoing conflict between Iran, the US, and Israel. It details a massive cyberattack launched by the US and Israel against Iran, causing widespread internet disruptions and infrastructure failures. The report also covers the activation and retooling of Iranian APT groups for retaliatory operations, targeting critical infrastructure in the US, Israel, and allied countries. Key actors include MuddyWater, Charming Kitten, OilRig, and Elfin. The analysis covers tactics, techniques, and procedures used by these groups, as well as their strategic objectives. The report also discusses the involvement of hacktivist proxies and the victimology of the attacks, affecting multiple countries and industries." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1772679607", "to_ids": false, "type": "text", "uuid": "3d6d927f-94aa-401f-b6be-29909d8258e5", "value": "Name: Breaking Down the Role of Cyber Operations Taken in the Iran Crisis\nAuthor: AlienVault\nAdversary: Multiple Iranian APT groups\nTags: [\"ddos\", \"espionage\", \"wiper malware\", \"critical infrastructure\", \"iocontrol\", \"apt\", \"disttrack\", \"cve-2024-24919\", \"shamoon\", \"rustywater\", \"tickler\", \"zerocleare\", \"iran\", \"hacktivist\", \"shapeshift\", \"ghostfetch\", \"cyberwarfare\", \"zeroclear\", \"filerase\", \"geopolitical conflict\"]\nTgtd countries: [\"United States of America\", \"Israel\", \"Saudi Arabia\", \"United Arab Emirates\", \"Kuwait\", \"Jordan\"]\nMlwr families: [\"GhostFetch\", \"RustyWater\", \"Tickler\", \"SHAPESHIFT\", \"Shamoon - S0140\", \"Disttrack\", \"Filerase\", \"ZeroCleare - S1151\", \"ZEROCLEAR\", \"IOCONTROL\"]\nAttack_ids: [\"T1561.002\", \"T1498.001\", \"T1133\", \"T1561\", \"T1566.002\", \"T1566.001\", \"T1498.002\", \"T1190\", \"T1595\", \"T1110.003\", \"T1590\", \"T1566\", \"T1110\", \"T1078\", \"T1486\", \"T1588\", \"T1189\", \"T1498\", \"T1587\", \"T1490\"]\nIndustries: [\"Energy\", \"Defense\", \"Government\", \"Healthcare\", \"Finance\", \"Telecommunications\", \"Aerospace\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1772679607", "to_ids": false, "type": "threat-actor", "uuid": "c345d173-24a9-4b3a-a5aa-96dd84946ba4", "value": "Multiple Iranian APT groups" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772679607", "to_ids": false, "type": "vulnerability", "uuid": "fc78b19a-ee59-470f-aed8-b56cfffef3af", "value": "CVE-2024-24919" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772814143", "to_ids": true, "type": "domain", "uuid": "78252487-9ca5-4b85-9240-0f53bc4cdb86", "value": "tylarion867mino.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772814166", "uuid": "8e0acbf2-a6c3-4ebb-9de4-6299f0317ca7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772814166", "to_ids": true, "type": "md5", "uuid": "df2f08b3-9eb5-48ea-86df-9c9109c0e95a", "value": "c92e2655d115368f92e7b7de5803b7bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772809674", "to_ids": true, "type": "sha1", "uuid": "0a719b9d-e248-4868-a516-d47825284df3", "value": "366e435a1ea0f597deb6ebe7c0c5acdb6e8b33eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772809674", "to_ids": true, "type": "sha256", "uuid": "b5b8f71c-54c4-4c57-9de1-65db454b6dea", "value": "1b39f9b2b96a6586c4a11ab2fdbff8fdf16ba5a0ac7603149023d73f33b84498", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772808518", "to_ids": true, "type": "ssdeep", "uuid": "cede3706-daab-4490-8111-c47335c04f5b", "value": "384:PTlCwsCROIIuZkdKIf5C+UCOP32ZU4UKa:4wsCR010C832ZHUKa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772808518", "to_ids": false, "type": "size-in-bytes", "uuid": "3206af01-29bc-46a1-970a-e285d0794016", "value": "16208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772808518", "to_ids": true, "type": "vhash", "uuid": "19defc3a-a543-4a01-ac6b-a93d6e2f879d", "value": "11514985d20f0caa4891de35605a94af" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772808518", "to_ids": true, "type": "filename", "uuid": "d8d5eb94-c340-419f-b595-383b3ffa97c8", "value": "c92e2655d115368f92e7b7de5803b7bc___679136bd-a11b-4be5-9479-afbbddcf1aab.elf" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772808518", "to_ids": false, "type": "text", "uuid": "e98396e4-6880-4a69-bf9b-49232d94e9a9", "value": "Type Description: ELF\nMicrosoft: Trojan:Linux/Multiverze!rfn\nVT Total Detection:34/64\nFirst Submission:2024-01-17T14:33:07.000000+00:00\nLast Submission:2026-02-28T06:55:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772814187", "uuid": "cf3c66ad-068a-4173-80a6-cad0f1188d16", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772814187", "to_ids": true, "type": "md5", "uuid": "9496e67a-a04c-4f45-8401-0ded6a79d634", "value": "b27c2e0141bbb3a7907a5ec1863e1465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772809676", "to_ids": true, "type": "sha1", "uuid": "f27d38f0-8835-44a2-83bd-f41cb468b8bf", "value": "1f96d15b26416b2c7043ee7172357af3afbb002a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772809676", "to_ids": true, "type": "sha256", "uuid": "c4d9ac22-5e74-41c3-bc24-966a41ea430e", "value": "09407d2e3ac7d6af13c407d17ec8e51b6d1b1d8271df65ebd0b3ffbab420b2fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772808542", "to_ids": true, "type": "ssdeep", "uuid": "85268018-dec8-4144-b3f3-b04dcfad66c4", "value": "12288:qQM/6y0bWGp3ppJS9q++7jEoFLCTuqvZCFP8j9Z7IMv43I+sx5U4MZ9B7vX:qQAFtH0jECC9vYx8wMv43I+0a7/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772808542", "to_ids": false, "type": "size-in-bytes", "uuid": "034eb0d9-b340-48cf-8f58-4308b8e3c887", "value": "1118720" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772808542", "to_ids": true, "type": "vhash", "uuid": "cc45a800-bcb9-4db6-a3ea-4780a3397dd6", "value": "216036751511f0c212650124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772808542", "to_ids": true, "type": "filename", "uuid": "0afb4467-e3e6-4974-b236-968a4d361e52", "value": "ShareAudit.exe" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 06/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772808542", "to_ids": false, "type": "text", "uuid": "f53ef4a4-e91a-41c8-a667-d32ad233ba31", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:45/72\nFirst Submission:2019-07-09T07:38:27.000000+00:00\nLast Submission:2026-01-06T19:13:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772814209", "uuid": "21dce094-3b41-4862-83e1-b615ae6f19cc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772814209", "to_ids": true, "type": "md5", "uuid": "d882addf-df7d-46ea-a11f-e8af50a45827", "value": "a30ffebf2c87a6dfd4946213263f2760", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772809679", "to_ids": true, "type": "sha1", "uuid": "89f62d76-a6bd-44bf-853a-264ecb699b6b", "value": "3d3cdf7cfc881678febcafb26ae423fe5aa4efec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772809679", "to_ids": true, "type": "sha256", "uuid": "79b55fd7-379e-49f1-9577-46722899b9f7", "value": "b729962dd554dc2cba31ac9f7b9046eb119e7b4ae299d674f65ee9eba5679d62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772808565", "to_ids": true, "type": "ssdeep", "uuid": "92ff9b4e-ee59-4b1d-9b2a-4cc3b834f10c", "value": "384:4j2hOd2LQOK1bdkIcGk3lPC74xQ/CKDe8DNZa7gJXHj:4j4E2LjYBVcGkJC7YQ/9ZpXj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772808565", "to_ids": false, "type": "size-in-bytes", "uuid": "01dbf6d9-1c96-4f90-93e6-3e7218288ec2", "value": "23552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772808565", "to_ids": true, "type": "vhash", "uuid": "b94180cd-d05f-41ad-97d8-8c830cfde534", "value": "12403e0f6d1019z27z15z15z15z16z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772808565", "to_ids": true, "type": "filename", "uuid": "45d5b31d-5a1e-4280-b405-4a4868800d3f", "value": "b729962dd554dc2cba31ac9f7b9046eb119e7b4ae299d674f65ee9eba5679d62.mal_" }, { "category": "Other", "comment": "Checked: 06/03/2026\nLast-scan\t: 05/03/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772808565", "to_ids": false, "type": "text", "uuid": "fd4f107e-a916-4dd8-ac09-6a1545a516d7", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:33/72\nFirst Submission:2024-11-19T19:36:16.000000+00:00\nLast Submission:2024-11-19T19:36:16.000000+00:00" } ] } ] } }