{
  "Event": {
    "analysis": "1",
    "date": "2015-01-01",
    "extends_uuid": "",
    "info": "[Threat Intel] BLACKENERGY & QUEDAGH",
    "protected": false,
    "publish_timestamp": "1772419792",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419790",
    "uuid": "4347d922-e92b-4716-886b-3a2398084cbc",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"WithSecure\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BlackEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Georgia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Railway\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771800505",
        "to_ids": false,
        "type": "link",
        "uuid": "b80dfe05-131c-4dad-8da2-5e5a4b220f67",
        "value": "https://blog-assets.f-secure.com/wp-content/uploads/2019/10/15163408/BlackEnergy_Quedagh.pdf"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801131",
        "uuid": "79cf9d96-2a02-4699-8b54-41ef8d9343e1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 32-bit driver and main DLL component analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801131",
            "to_ids": true,
            "type": "md5",
            "uuid": "a972d165-6cf5-492c-a4bb-65106c1e469a",
            "value": "462860910526904ef8334ee17acbbbe5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 32-bit driver and main DLL component analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801116",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a5631a3-05c9-423b-84e1-ca1cf2349ff9",
            "value": "26b9816b3f9e2f350cc92ef4c30a097c6fec7798",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 32-bit driver and main DLL component analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801116",
            "to_ids": true,
            "type": "sha256",
            "uuid": "33f6eba0-4387-47ff-a85b-c139e1caffc9",
            "value": "e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800806",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f450f5ae-19e9-466d-acd7-ee5b16300124",
            "value": "1536:KTUjDnv37xf4patQDfexEtyxb7Ld0tDb0SuyeC:7H37SpLDWg2b7Lyt30Suy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800806",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6c5d2b17-c3c6-4338-b369-57482543f990",
            "value": "60416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800806",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9dbf5d00-b432-407f-bc5f-2e71a2a4962e",
            "value": "06405e751d1e5519z96z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800806",
            "to_ids": true,
            "type": "filename",
            "uuid": "6f7de889-cc8d-480b-9296-908cab77b2b0",
            "value": "26b9816b3f9e2f350cc92ef4c30a097c6fec7798.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  19/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800806",
            "to_ids": false,
            "type": "text",
            "uuid": "1d7e6470-bb19-4388-9a9f-8ef70a2e66cc",
            "value": "Main reference for related BlackEnergy 2 32-bit driver and main DLL component analysis\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:61/72\nFirst Submission:2014-06-04T12:48:15.000000+00:00\nLast Submission:2025-03-13T08:08:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801153",
        "uuid": "45f6bc8a-1004-497e-b530-711e66c78015",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 64-bit driver (signed on 2013-12-25) and installer analysis. Basis for the start of the Ukrainian targeting",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801153",
            "to_ids": true,
            "type": "md5",
            "uuid": "addf583c-34bf-4c13-8420-3c9365e76471",
            "value": "6cac1a8ba79f327d0ad3f4cc5a839aa1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 64-bit driver (signed on 2013-12-25) and installer analysis. Basis for the start of the Ukrainian targeting",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801117",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f0de5f5c-871d-44d9-b056-ac35ff306dfa",
            "value": "bf9937489cb268f974d3527e877575b4fbb07cb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 2 64-bit driver (signed on 2013-12-25) and installer analysis. Basis for the start of the Ukrainian targeting",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801117",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f8185f5d-bbca-4f94-b4cc-1b3c140f07d6",
            "value": "d841d9092239fc029b10da01c19868749b0f6bd757926ff04674658468495808",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800828",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7b606427-92bd-4a37-af3b-b88e13a61469",
            "value": "3072:vkIlIZXu6bGIsQQOsNXgn5NdcY21kfvHe3VtUzXWzz8fAw4YCGYHlH0DCv:vRIMImHNX4s1kfPgqGzgRsHl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800828",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "66f9a6e3-25ec-4b99-b399-3148bec1ef55",
            "value": "173056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800828",
            "to_ids": true,
            "type": "vhash",
            "uuid": "870ad1bd-c5d7-45d4-8883-57911a70d2e2",
            "value": "01503675551080105001c00837z3065z52z8003dz"
          },
          {
            "category": "Payload delivery",
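            "comment": "Filename is identical to the legitimate Windows Installer binary (msiexec.exe); matching on the name alone will produce false positives, so use it only together with the hashes in this object.",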
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800828",
            "to_ids": true,
            "type": "filename",
            "uuid": "72720bec-01f1-4947-8a6e-3a73fbc37de1",
            "value": "msiexec.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800828",
            "to_ids": false,
            "type": "text",
            "uuid": "899b2e85-4a6c-40ef-8b9a-2ed4c3a6f239",
            "value": "Main reference for related BlackEnergy 2 64-bit driver (signed on 2013-12-25) and installer analysis. Basis for the start of the Ukrainian targeting\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:54/73\nFirst Submission:2014-06-04T18:20:12.000000+00:00\nLast Submission:2025-03-13T08:02:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801174",
        "uuid": "cedee74d-24c0-4039-bc75-0ff14c5d9f96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 3 analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801174",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab3364df-fbb9-428c-82ff-e8af2cea65fb",
            "value": "78387651dd9608fcdf6bfb9df8b84db4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 3 analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801118",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b854978a-6447-41d4-840a-b98b095b1a4b",
            "value": "78636f7bbd52ea80d79b4e2a7882403092bbb02d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related BlackEnergy 3 analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801118",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3f08ef96-d5da-48ec-ae7a-7e87e0f216d0",
            "value": "bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800850",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1405df94-38af-49d9-9035-8a5b159aa883",
            "value": "1536:i7wOrSdcCw7jzs6ZVDd2SR8I/tr+TSw5vwqFAU0199vVFAQVT6YfXJvgSIy:iTrSWPjQQVIc8I5WSw5vV0v2QvXJvgS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800850",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cc4d7f2f-bdf8-47a6-9568-b46b2895d060",
            "value": "159744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800850",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5266e2cf-9981-40d2-9fe6-3c632187cbe0",
            "value": "01503665055\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800850",
            "to_ids": true,
            "type": "filename",
            "uuid": "c7027823-bd90-4b25-8454-45bec1b21144",
            "value": "78636f7bbd52ea80d79b4e2a7882403092bbb02d.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800850",
            "to_ids": false,
            "type": "text",
            "uuid": "a875de25-e890-4a7a-becb-c023207a23e7",
            "value": "Main reference for related BlackEnergy 3 analysis\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:64/72\nFirst Submission:2014-06-27T10:23:54.000000+00:00\nLast Submission:2025-03-13T08:19:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801195",
        "uuid": "7e7ee5af-461b-4956-b95b-32cce112c5dd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Main reference for related si plugin analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801195",
            "to_ids": true,
            "type": "md5",
            "uuid": "97115925-6520-49d7-a990-ad7df81dc8a4",
            "value": "90b19a0021b8ea16daa7dcfbb9c0b94e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related si plugin analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801119",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e4fd59c9-73ed-4268-bb1f-7ef8414b8f97",
            "value": "bf9172e87e9264d1cddfc36cbaa74402bb405708",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main reference for related si plugin analysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801120",
            "to_ids": true,
            "type": "sha256",
            "uuid": "957a12e6-c9c2-46fd-88ae-d717e35b7ab3",
            "value": "16d68b740b5d9aa60929e39fd616d31be2c8528d0f1e58db4cbb16976f7cd725",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800872",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "77336f5a-5137-4021-801a-0af3d5d4de87",
            "value": "6144:HEcke0UIx5hsHJzSFeifFclvT+HAUS2tS+1IcbHW3:HEcke0UFpWoFlvT+gUS8S0bH4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800872",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e00262f7-d5fe-400a-9103-25a3ccfb9eda",
            "value": "256000"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800872",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65fc331b-4bad-44d2-b229-3f283e431b34",
            "value": "125056655d75155163z12z221z23z13z57z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800872",
            "to_ids": true,
            "type": "filename",
            "uuid": "bf1d1614-84f5-46ac-b6f6-aaa99513c439",
            "value": "bf9172e87e9264d1cddfc36cbaa74402bb405708.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800872",
            "to_ids": false,
            "type": "text",
            "uuid": "69a49c64-344f-4410-8afe-bc3b3cc9415c",
            "value": "Main reference for related si plugin analysis\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.Y!dha\nVT Total Detection:58/73\nFirst Submission:2014-08-26T00:41:24.000000+00:00\nLast Submission:2025-03-13T08:15:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801217",
        "uuid": "5c78eda4-d1cc-4e1f-9135-580dca80fef3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stand-alone non-persistent BlackEnergy 2 sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801217",
            "to_ids": true,
            "type": "md5",
            "uuid": "d63edae7-953a-4d68-b034-96f02bef0f4f",
            "value": "8b152fc5885cb4629f802543993f32a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stand-alone non-persistent BlackEnergy 2 sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801120",
            "to_ids": true,
            "type": "sha1",
            "uuid": "765c7c39-8dc3-4d65-af41-9fa7458cf8a9",
            "value": "441cfbaba1dfd58ce03792ef74d183529e8e0104",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stand-alone non-persistent BlackEnergy 2 sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801120",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d00026a8-51fb-4852-90c8-015ca86deae1",
            "value": "af62f29ac01e8335bf41c02c1460ebafcbaf94956b1001f7d515eecf63cea4f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800893",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "858b3044-2ee4-4e47-948a-69f161310bd7",
            "value": "768:CFbYK2Ong32/xsNioSGJbu/pswy+7mh2posc/8+yPoleYa+9gqjTfL9kFrpzkjWy:gb0WgG/xo/8WaHAle7eErRkjy8gE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800893",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ce9684d7-c1dc-469f-a467-fb4be14d890b",
            "value": "79872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800893",
            "to_ids": true,
            "type": "vhash",
            "uuid": "45ce1275-9b06-471f-b137-55f0b966847a",
            "value": "07403675555040104001e00787z3065z42z7803dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800893",
            "to_ids": true,
            "type": "filename",
            "uuid": "969c2416-7308-4258-8b83-609240ae8900",
            "value": "host.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800893",
            "to_ids": false,
            "type": "text",
            "uuid": "ff729116-4528-418d-abb0-597f54f58742",
            "value": "Stand-alone non-persistent BlackEnergy 2 sample\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:63/73\nFirst Submission:2014-06-11T09:41:59.000000+00:00\nLast Submission:2025-03-13T08:22:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801238",
        "uuid": "ceb4c0b8-732e-4b13-bd0d-0168f1035512",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized Juniper installer containing related BlackEnergy 2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801238",
            "to_ids": true,
            "type": "md5",
            "uuid": "875e3c40-4f02-4bfb-abf9-01c023b4ef49",
            "value": "da079ca6d8ff656b15720fc3628de1c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized Juniper installer containing related BlackEnergy 2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801122",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a00e9db2-afe7-4eec-beca-fc013c35613e",
            "value": "f7d4aa90b76646f4a011585eb43b9d13c60f48eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized Juniper installer containing related BlackEnergy 2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801122",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dbbc530d-8eb3-4c02-9170-d51ddc3e7621",
            "value": "47aea6a4e1da1fb8b454c038c21736bee53d59d095a4f5b866d5dd8158fead41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800915",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "93040aa7-c366-4748-8c32-156b7c35d14c",
            "value": "12288:ns92LHudH46woinYEZFbwhngI8vqcu21ut4HlQ/+CG1hZe4:nydYvHZl0gdnuVClQcx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800915",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0b5350e5-e954-4fbb-992f-0ff4062018cf",
            "value": "518568"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800915",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8c903500-169c-46e5-9174-949ad11a2a31",
            "value": "055056655d1c05109043z8003c7z47z62z4103dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800915",
            "to_ids": true,
            "type": "filename",
            "uuid": "4855e4ef-1989-482e-933b-c01289c89a60",
            "value": "f7d4aa90b76646f4a011585eb43b9d13c60f48eb.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800915",
            "to_ids": false,
            "type": "text",
            "uuid": "2ebcf7c8-ee04-4d61-9928-a4e8c39e4d7b",
            "value": "Trojanized Juniper installer containing related BlackEnergy 2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Comisproc!rfn\nVT Total Detection:52/73\nFirst Submission:2014-08-25T08:37:12.000000+00:00\nLast Submission:2025-03-13T07:40:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801259",
        "uuid": "36cc9934-5010-432a-8f28-ba4d178f8e11",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojanized Adobe Bootstrapper containing related BlackEnergy 2. This means that it is highly probable that there is a trojanized Adobe package out there.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801259",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9401b37-21a9-4473-bdeb-009e7b7a6eda",
            "value": "fd111a5496b6336b8503ae02ffa04e28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized Adobe Bootstrapper containing related BlackEnergy 2. This means that it is highly probable that there is a trojanized Adobe package out there.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801123",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2f38059c-2fbb-4b70-b194-e67c278c5ecc",
            "value": "8ccd2962bce8985d0794daed6e0bf73e5557cfe8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojanized Adobe Bootstrapper containing related BlackEnergy 2. This means that it is highly probable that there is a trojanized Adobe package out there.",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801123",
            "to_ids": true,
            "type": "sha256",
            "uuid": "62808de8-b130-4531-8d4c-7e8aff96492b",
            "value": "4b2efcda5269f4b80dc417a2b01332185f2fafabd8ba7114fa0306baaab5a72d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800937",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b20912d2-5a0f-4811-9082-a55c0552ffdc",
            "value": "12288:ug/ioxcytQFz81ClKJ9xEv21ut4HlQ/+CG1hZeo:ugqx8MlKJ9mvVClQc1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800937",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "82dee3cf-2c49-43e8-b974-8e58799ba9a6",
            "value": "540000"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800937",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5ec9bae7-3543-4762-aec3-4d1367ec4bdc",
            "value": "055046655d151121z1001800957z3035z106016703dz"
          },
          {
            "category": "Payload delivery",
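            "comment": "Common installer file name; match it together with the hashes in this object, since the name alone is likely to hit legitimate installers.",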
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800937",
            "to_ids": true,
            "type": "filename",
            "uuid": "d34ab822-da02-46bc-9e35-da8cf889b289",
            "value": "Setup.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800937",
            "to_ids": false,
            "type": "text",
            "uuid": "64f893f6-607b-4c1e-8904-dc1b2175423d",
            "value": "Trojanized Adobe Bootstrapper containing related BlackEnergy 2. This means that it is highly probable that there is a trojanized Adobe package out there.\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:53/73\nFirst Submission:2014-08-25T09:30:43.000000+00:00\nLast Submission:2025-03-13T03:30:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801281",
        "uuid": "85d55e97-6b47-4f9e-a2d3-c7d2a2357830",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Related RTF document containing exploit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801281",
            "to_ids": true,
            "type": "md5",
            "uuid": "dfdf3b73-c833-4b6c-9e75-d6207b60914c",
            "value": "7edc54253563975dd49692bee3bb390a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Related RTF document containing exploit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801124",
            "to_ids": true,
            "type": "sha1",
            "uuid": "67e8149d-f22c-45af-a3ee-d6271db6e290",
            "value": "d496f99f7e07d5cbbd177a9d43febe8fb87ebc3b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Related RTF document containing exploit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801124",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50184186-7a9a-4469-a5bd-497c82d5b3d7",
            "value": "b1ca89de93a1d9bf17cdbf8a3c61e7f52f275a3bcbbd285d35d6a40c45dde9bd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800959",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ccf4575a-1229-408d-ad12-cddfb4c16b95",
            "value": "6144:vSEZUbjb8RyZORYVt/7ezIdaNhOIFK0nYz4iEfjxmsW:vSE+/wuHqsaWIx64d7xmsW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800959",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1a007c17-a722-44d7-ada3-ef14a951704c",
            "value": "284779"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800959",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e66dc995-d735-49eb-8aff-abd941afb1e3",
            "value": "820e611f5b6551a68d36939f02d58a4ba"
          },
          {
            "category": "Payload delivery",
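            "comment": "Extension-only name recorded for a file this object describes as Rich Text Format; too generic to match on without the hashes in this object.",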
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800959",
            "to_ids": true,
            "type": "filename",
            "uuid": "4851df90-f910-47b3-b512-b7f3be2bec7c",
            "value": ".dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  20/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800959",
            "to_ids": false,
            "type": "text",
            "uuid": "5bcb7504-846f-46a2-9905-2a337553e4c5",
            "value": "Related RTF document containing exploit\r\nType Description: Rich Text Format\nMicrosoft: Exploit:Win32/CVE-2010-3333.B\nVT Total Detection:45/62\nFirst Submission:2012-01-18T06:55:07.000000+00:00\nLast Submission:2022-08-08T15:27:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801302",
        "uuid": "2f0b5fd6-763e-4136-a6ba-766cb702049e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Related BlackEnergy 2 binary containing strings that are political in nature",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801302",
            "to_ids": true,
            "type": "md5",
            "uuid": "6e32fc29-11f8-49c5-8167-95a0620f8953",
            "value": "9b29903a67dfd6fec33f50e34874b68b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Related BlackEnergy 2 binary containing strings that are political in nature",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801125",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a84e8c6e-22c7-4af7-afd9-bc5a20b72d8f",
            "value": "cc71aa8f919911676fb5d775c81afc682e6e3dd3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Related BlackEnergy 2 binary containing strings that are political in nature",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801125",
            "to_ids": true,
            "type": "sha256",
            "uuid": "01ec1f7f-c75c-4782-849e-5a2350c2044d",
            "value": "951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771800981",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ed75bdaa-7b0e-4d1e-98f9-e46febb111f6",
            "value": "1536:UXLsRZCbc2n8PFC66wq+R0NKDHoTAJKb4C+sHICQvH0DCAYv:UYRZ+cXPc6zq+RM0oTALD6CH0DCJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771800981",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4e70a59d-b3ac-4f8a-a644-65d5de25eb12",
            "value": "75336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771800981",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4e157339-415e-4310-a5de-726b48fb67c9",
            "value": "074046755d551080105001c00837z3065z52z8003dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771800981",
            "to_ids": true,
            "type": "filename",
            "uuid": "18397f1a-c001-46d5-bf79-de345fff9a9f",
            "value": "regedt32.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  07/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771800981",
            "to_ids": false,
            "type": "text",
            "uuid": "e14b240e-2b51-4a1a-8d6d-75729c0bc0e5",
            "value": "Related BlackEnergy 2 binary containing strings that are political in nature\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Rustock.E\nVT Total Detection:63/72\nFirst Submission:2012-07-11T19:14:40.000000+00:00\nLast Submission:2025-03-13T07:44:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801324",
        "uuid": "c5befc83-dd7e-4434-bad0-a24c9e3f125e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2010-12-14) related BlackEnergy 2 installer that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801324",
            "to_ids": true,
            "type": "md5",
            "uuid": "fe16629e-50f1-4df3-a987-03099f7b65b7",
            "value": "82418d99339bf9ff69875a649238ac18",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2010-12-14) related BlackEnergy 2 installer that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801126",
            "to_ids": true,
            "type": "sha1",
            "uuid": "251cbee3-c559-4ca1-9cb6-ddd70eac0987",
            "value": "abab02d663872bcdbe2e008441fcd7157c0eb52d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2010-12-14) related BlackEnergy 2 installer that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801126",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3b7a04c3-1333-456e-be31-c4fb3095b2c1",
            "value": "f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801003",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cc92efa3-357b-45f2-9241-563cc5f012df",
            "value": "1536:yulKeo8sm8V/k5COPsEKZ1GgoygvH0IDxbY5NVXtTucX8gqnmk3rHDSv:yWKfmmqCrIygvUMMXXMcXXqmkbHM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801003",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "31ec4cab-3750-4aa8-8fc6-989ad5f9a99e",
            "value": "75776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801003",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb274595-37fa-4f27-87ef-d575cd43db91",
            "value": "074046755d551031801004c006f9zfazb303dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801003",
            "to_ids": true,
            "type": "filename",
            "uuid": "e1b76b7d-a8bd-489e-8f22-4b84863f88cb",
            "value": "regedt32.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  24/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801003",
            "to_ids": false,
            "type": "text",
            "uuid": "d06e5cc5-9f46-4874-893f-14e507db42f4",
            "value": "Oldest (compiled on 2010-12-14) related BlackEnergy 2 installer that was found\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:58/71\nFirst Submission:2013-04-16T20:03:29.000000+00:00\nLast Submission:2025-03-13T08:08:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801345",
        "uuid": "6ae96660-d99c-4cd1-add8-1508cb9612c2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2013-04-09) related BlackEnergy 2 installer that bypasses UAC that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801345",
            "to_ids": true,
            "type": "md5",
            "uuid": "61d9f44f-a7b8-4823-af5d-cac687755355",
            "value": "948cd0bf83a670c05401c8b67d2eb310",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2013-04-09) related BlackEnergy 2 installer that bypasses UAC that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801127",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8cc358a6-c8b2-4dbe-896a-16828aa23b14",
            "value": "e5c8c10b10ee288512d3a7c79ae1249b57857d23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2013-04-09) related BlackEnergy 2 installer that bypasses UAC that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801127",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2ee274b9-8a25-4436-bfef-a5f1de365c5c",
            "value": "91f72808aaed45a76ff1044a23fd6df4b7ab7ace292725522518feb9c0b8574e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801025",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "38fc6469-0f14-4eda-b6dd-c9b06a5e7f15",
            "value": "1536:/3LOP/x71X3J6K+tNPi4MTANO2xPq9gOrrZEJ0P6ZQUYERH0DCxbn:DOp1X5qK4MTgRqmOp7PtUYERH0DCxbn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801025",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1cbb6027-c586-4a7a-9ce0-9f99c4fe0946",
            "value": "93696"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801025",
            "to_ids": true,
            "type": "vhash",
            "uuid": "200b30bd-d554-41cb-9a6a-bdfe3955ac34",
            "value": "094046755d651080105001c00837z3065z52z8003dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801025",
            "to_ids": true,
            "type": "filename",
            "uuid": "962d79f6-597c-4b89-9078-823fcf8176a9",
            "value": "msiexec.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  28/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801025",
            "to_ids": false,
            "type": "text",
            "uuid": "df6853cf-fe2b-43bb-a4c8-d860f0fe0350",
            "value": "Oldest (compiled on 2013-04-09) related BlackEnergy 2 installer that bypasses UAC that was found\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:61/72\nFirst Submission:2014-09-06T14:51:22.000000+00:00\nLast Submission:2025-03-18T02:12:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801367",
        "uuid": "f87eb6e7-f498-46e5-a170-92b9f7617e5c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Oldest (signed on 2013-11-14) related BlackEnergy 2 64-bit driver that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801367",
            "to_ids": true,
            "type": "md5",
            "uuid": "43fb5d2d-1c9d-4518-98b5-ec8e08609363",
            "value": "715e9e60be5a9b32075189cb04a0247e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (signed on 2013-11-14) related BlackEnergy 2 64-bit driver that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801128",
            "to_ids": true,
            "type": "sha1",
            "uuid": "397b82d2-aff6-4428-99b3-07e4ae98c2e0",
            "value": "8743c8994cc1e8219697394b5cb494efa7dad796",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (signed on 2013-11-14) related BlackEnergy 2 64-bit driver that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801128",
            "to_ids": true,
            "type": "sha256",
            "uuid": "45b2e868-6105-43da-ae9a-a9ff978b2911",
            "value": "2aade7381aa87f55b7d7a5284d22be5472fd8cd966d216fd4445ca3a8bbb3ff3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801047",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5ccd2a6b-6e05-4414-9dff-c6152d373c75",
            "value": "1536:5OKtb09UWCE/zDtIWUZrXtDKUyoqnCQ6yOs/VpyQ:oKtbqxCE/SBBXOrp6y3yQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801047",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3f0f9aca-831e-48b2-8152-81a1bb8f82ee",
            "value": "66480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801047",
            "to_ids": true,
            "type": "vhash",
            "uuid": "23fc576e-a129-49bc-ac2e-1d5b12576db4",
            "value": "06405e751d1e5519z36z55xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801047",
            "to_ids": true,
            "type": "filename",
            "uuid": "38e11b26-63ff-448e-9b56-506f3462b766",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  01/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801047",
            "to_ids": false,
            "type": "text",
            "uuid": "6c290826-69d0-45af-a434-f973683ffa3e",
            "value": "Oldest (signed on 2013-11-14) related BlackEnergy 2 64-bit driver that was found\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win64/Phdet.A\nVT Total Detection:54/72\nFirst Submission:2014-02-18T18:13:03.000000+00:00\nLast Submission:2025-03-13T08:14:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771801389",
        "uuid": "2e26400e-e18b-4ef2-bb88-522328365d1e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2014-05-12) related BlackEnergy 3 dropper that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771801389",
            "to_ids": true,
            "type": "md5",
            "uuid": "f2693857-ac26-4b13-9651-310c612a81eb",
            "value": "b3f4c86121966f43669c4e06d47c8a08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2014-05-12) related BlackEnergy 3 dropper that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801129",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0177109a-db01-41bf-99cb-5cf733f0ec85",
            "value": "285b3252a878d1c633ea988153bbc23c148dd630",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Oldest (compiled on 2014-05-12) related BlackEnergy 3 dropper that was found",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801129",
            "to_ids": true,
            "type": "sha256",
            "uuid": "547c9376-c8f3-44fb-9492-e3853120a01d",
            "value": "01425582aa5001342b985270a365fd92d909be011384247e81872bff586fa142",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801068",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f8fd813-7818-4867-95a8-f534b1e59090",
            "value": "1536:pQi64ewOlS4QaRg1fNOIBfKvhl3WqHocLTXG19wgYivm/XJv:pV64Ow2g1VfBfohl3fZTXAb6XJv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801068",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "40c90688-38a0-4c43-ae81-97b7618d5d85",
            "value": "147456"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801068",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c6697aa8-33d3-4233-93c0-1020f7b08765",
            "value": "015076151d15551f1f6bzbhz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801068",
            "to_ids": true,
            "type": "filename",
            "uuid": "cb425d2f-c167-4758-85cb-ee80684b440b",
            "value": "411634___4f0db6cb-1217-4840-8c7a-970ef9681ffe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801068",
            "to_ids": false,
            "type": "text",
            "uuid": "a88e2cbb-9fcb-4d25-a299-857cf1419b90",
            "value": "Oldest (compiled on 2014-05-12) related BlackEnergy 3 dropper that was found\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.A\nVT Total Detection:58/72\nFirst Submission:2014-05-13T05:30:46.000000+00:00\nLast Submission:2025-03-13T07:49:49.000000+00:00"
          }
        ]
      }
    ]
  }
}