{
  "Event": {
    "analysis": "1",
    "date": "2016-01-03",
    "extends_uuid": "",
    "info": "[Threat Intel] BlackEnergy by the SSHBearDoor: attacks against Ukrainian news media and electric industry",
    "protected": false,
    "publish_timestamp": "1772419622",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419620",
    "uuid": "46e7d2b9-de11-41fd-bbf6-d600ccf59186",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"ESET\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Electric\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"News - Media\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BlackEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"Cybercrime\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771808749",
        "to_ids": false,
        "type": "link",
        "uuid": "dbf09079-fb6d-49e7-ac2b-edbce8958f87",
        "value": "https://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/"
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810005",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c4619e4a-ff8f-4296-8910-fabd6a3a1b1b",
        "value": "5.149.254.114",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810026",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e20d83e4-9eb0-491a-85da-750145cec359",
        "value": "5.9.32.230",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810048",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1fd54917-0037-4760-bc37-885c7387a789",
        "value": "31.210.111.154",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810069",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "10ba5c3c-dec5-482a-83eb-c3ea538adb47",
        "value": "88.198.25.92",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810090",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1c47afd1-7ff9-4257-aa1c-c83f895129ad",
        "value": "146.0.74.7",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IP addresses of BlackEnergy C2-servers:",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810112",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "735ffc0e-e372-465e-91ac-ea2eab0e691d",
        "value": "188.40.8.72",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "BlackEnergy drivers No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771809998",
        "to_ids": true,
        "type": "sha1",
        "uuid": "89994983-e50f-433e-91ef-a0cc081c7f6c",
        "value": "672f5f332a6303080d807200a7f258c8155c54af",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "BlackEnergy drivers No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771809999",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a3aaf641-1b48-4205-953e-da6c8eb84249",
        "value": "a427b264c1bd2712d1178912753bac051a7a2f6c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "BlackEnergy drivers No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810000",
        "to_ids": true,
        "type": "sha1",
        "uuid": "308559ac-2144-4d62-9a3b-cbf78ee00da3",
        "value": "a9aca6f541555619159640d3ebc570cdcdce0a0d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "BlackEnergy drivers No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810001",
        "to_ids": true,
        "type": "sha1",
        "uuid": "28df2e2b-41da-406b-ac63-97e544ee0403",
        "value": "b05e577e002c510e7ab11b996a1cd8fe8fdada0c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "BlackEnergy drivers No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771810002",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9780ff98-98af-4c4d-8d0b-f3b1efb3e376",
        "value": "d91e6bb091551e773b3933be5985f91711d6ac3b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810133",
        "uuid": "323a150f-f6d8-433b-a20c-f8362c57f036",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "XLS document with malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810133",
            "to_ids": true,
            "type": "md5",
            "uuid": "42a5a2be-a645-42f1-b6f8-8de3e2067d87",
            "value": "97b7577d13cf5e3bf39cbe6d3f0a7732",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "XLS document with malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809965",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f5c07e84-a857-48d5-8dad-cbd6bf4eb067",
            "value": "aa67ca4fb712374f5301d1d2bab0ac66107a4df1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "XLS document with malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809965",
            "to_ids": true,
            "type": "sha256",
            "uuid": "60ba6863-4c91-4a85-8b2a-bd1332b04aea",
            "value": "052ebc9a518e5ae02bbd1bd3a5a86c3560aefc9313c18d81f6670c3430f1d4d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809218",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "92743ee9-ba91-400d-94a9-a843689d5803",
            "value": "12288:WfghhODBvtntqnRwEtjaeIPsmx5Lgc31DH:W43ODBvtntqnRwEtOeIEmDDj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809218",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1c30948f-97d4-41fa-8e70-ae9e15adf715",
            "value": "734720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809218",
            "to_ids": true,
            "type": "vhash",
            "uuid": "41f97763-d689-4f39-b9fc-6795fa8967b5",
            "value": "c9faacb2d7cd138751c9aa37fdc96de8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809218",
            "to_ids": true,
            "type": "filename",
            "uuid": "55e66213-056c-46d8-b598-3f160e7b1ebf",
            "value": "Blackenergy.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  18/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809218",
            "to_ids": false,
            "type": "text",
            "uuid": "3a39a6a3-23ff-4702-89b9-4af94cab94fb",
            "value": "XLS document with malicious macro\r\nType Description: MS Excel Spreadsheet\nMicrosoft: TrojanDownloader:O97M/Donoff\nVT Total Detection:46/64\nFirst Submission:2015-08-03T10:37:19.000000+00:00\nLast Submission:2026-01-21T09:51:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810154",
        "uuid": "71fc565a-7dc5-4291-b8ad-177652ed1917",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Lite dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810154",
            "to_ids": true,
            "type": "md5",
            "uuid": "f36d0d2e-fcce-4f98-a9e9-a101dbe0f5fc",
            "value": "abeab18ebae2c3e445699d256d5f5fb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Lite dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809966",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ed1cfa14-2417-4d93-8161-b76ac1b2259b",
            "value": "4c424d5c8cfedf8d2164b9f833f7c631f94c5a4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Lite dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809966",
            "to_ids": true,
            "type": "sha256",
            "uuid": "265ec201-5f54-423d-a758-c8a069630d29",
            "value": "07e726b21e27eefb2b2887945aa8bdec116b09dbd4e1a54e1c137ae8c7693660",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809240",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c721c31c-b65a-42eb-8fdf-88020a9afc16",
            "value": "1536:Ghe+Kwx4YUaZ8XC68hYS6Oxw2wcW/EE5YxUg3UZBFuLLKpmUPOFA7UBMK1tk:G4+KC4YNCXC6m6v2neEE5YJ3UZEU/K1O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809240",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bbc0b62-611d-4e68-be24-ea652ad52a2a",
            "value": "98304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809240",
            "to_ids": true,
            "type": "vhash",
            "uuid": "65916ed1-5898-427b-95a4-921f7e061554",
            "value": "094046755d15119z3anz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809240",
            "to_ids": true,
            "type": "filename",
            "uuid": "eda7f4b6-b87f-4fa5-973c-129c46bc2cc1",
            "value": "CPLEXE.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809240",
            "to_ids": false,
            "type": "text",
            "uuid": "39914f62-cfb7-42a3-9bb2-7c7d836ce950",
            "value": "BlackEnergy Lite dropper\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet!rfn\nVT Total Detection:63/72\nFirst Submission:2015-03-24T09:49:54.000000+00:00\nLast Submission:2024-08-14T01:03:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810176",
        "uuid": "005cc1f3-fd84-459e-895c-7f3ecf06a587",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Big dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810176",
            "to_ids": true,
            "type": "md5",
            "uuid": "771bcc2f-5e75-4bbf-8851-6aab35467f9a",
            "value": "1d6d926f9287b4e4cb5bfc271a164f51",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Big dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809967",
            "to_ids": true,
            "type": "sha1",
            "uuid": "894f838c-491d-4fe4-be8e-6b7ccdb6f4bd",
            "value": "896fcacff6310bbe5335677e99e4c3d370f73d96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy Big dropper",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809967",
            "to_ids": true,
            "type": "sha256",
            "uuid": "faedcc29-e75b-4165-8913-546ff6076a18",
            "value": "07a76c1d09a9792c348bb56572692fcc4ea5c96a77a2cddf23c0117d03a0dfad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809262",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "af127eee-1dab-4906-b2fb-32799f42e1ed",
            "value": "3072:ZdG47Cf/YfIMooepTY/m0XypfYI6xNZrz9Va/DBE8JIQ8yP676vWgJRQf:ZdGboIMorikpwZ7DV4DG8JI0yuzJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809262",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac9597fc-107a-4464-885e-29f478b0e270",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809262",
            "to_ids": true,
            "type": "vhash",
            "uuid": "46c50d0d-a1e1-4979-aee3-01dbbee00d30",
            "value": "015046755555108jz57z106001cfz"
          },
          {
            "category": "Payload delivery",
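            "comment": "Generic file name; on its own it will match unrelated files, so use it for detection only together with the hashes in this object.",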
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809262",
            "to_ids": true,
            "type": "filename",
            "uuid": "05c8dd92-73ea-478c-971a-f6fd91e0aa32",
            "value": "write"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  24/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809262",
            "to_ids": false,
            "type": "text",
            "uuid": "2f66ec41-74aa-4b48-9bff-57f9f498080e",
            "value": "BlackEnergy Big dropper\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:60/72\nFirst Submission:2015-10-11T04:17:36.000000+00:00\nLast Submission:2024-02-06T03:08:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810197",
        "uuid": "22089a1c-b0bc-42ed-812f-6409edf9f8b9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810197",
            "to_ids": true,
            "type": "md5",
            "uuid": "70107796-b310-443b-97b6-8ef915b3f092",
            "value": "03e9477f8da8f6f61b03a01d5a38918f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809968",
            "to_ids": true,
            "type": "sha1",
            "uuid": "166f4fa7-35c6-493f-874c-cd9d1ed55c65",
            "value": "069163e1fb606c6178e23066e0ac7b7f0e18506b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809969",
            "to_ids": true,
            "type": "sha256",
            "uuid": "618240f5-f2d8-4db5-89a0-05d33c89832e",
            "value": "b73777469f939c331cbc1c9ad703f973d55851f3ad09282ab5b3546befa5b54a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809284",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0a712b64-25d2-424f-b214-065df78c22ae",
            "value": "1536:+vr60zdniqtOt7huQUh6A6v6Z5i2BHMcWW0x5wxya6AWJN:f0RgB4Qq6A6vui2BscWRMn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809284",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bf257e44-4ce6-4c8e-a01d-a52511bdf4f1",
            "value": "62976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809284",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9b681db7-d468-40bf-8d5b-2ecb3a3c6aa9",
            "value": "06407e751d150e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809284",
            "to_ids": true,
            "type": "filename",
            "uuid": "3fc9f3c7-fad4-4f60-8f3c-5bc9df22c1c7",
            "value": "prod.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  31/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809284",
            "to_ids": false,
            "type": "text",
            "uuid": "981453f2-afe5-43d2-9ffe-6c2ddafc5bbc",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:59/72\nFirst Submission:2015-07-28T10:11:43.000000+00:00\nLast Submission:2022-11-25T21:09:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810218",
        "uuid": "2de1515b-99a9-4846-848c-9646a81fbc70",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810218",
            "to_ids": true,
            "type": "md5",
            "uuid": "a351fec9-92dc-4f1c-a185-a33d08237e5f",
            "value": "97b41d4b8d05a1e165ac4cc2a8ac6f39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809970",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63dd6618-8633-4aa6-8316-bf95c5aecf4b",
            "value": "0b4be96ada3b54453bd37130087618ea90168d72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809970",
            "to_ids": true,
            "type": "sha256",
            "uuid": "83e7897e-6cdd-4069-9ae8-a6b825af3bc0",
            "value": "3432db9cb1fb9daa2f2ac554a0a006be96040d2a7776a072a8db051d064a8be2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809306",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3e1266f0-aaa1-41ca-a76e-c6ba665798dd",
            "value": "768:K6GpjOLuaJEndu9yyCuSNrv+LVR4Lcs9m1RFyvSpQLZBkJU7YyvM05KVhLC3vR:KpYlayS6R4XsvFyv4QQJU7vR5SLCfR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809306",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "38704591-ff10-4bd8-ad44-81c281fd9ede",
            "value": "51600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809306",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ae14ae98-12f1-4157-8292-8d25764ba29e",
            "value": "054086651d151e55151c7iz11xz"
          },
          {
            "category": "Payload delivery",
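            "comment": "File name appears to mimic a legitimate Windows driver name (amdide.sys); a name-only match will hit benign files, so correlate with the hashes in this object.",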
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809306",
            "to_ids": true,
            "type": "filename",
            "uuid": "26f3352f-2675-494d-998e-acfb77fc279c",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  21/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809306",
            "to_ids": false,
            "type": "text",
            "uuid": "e796b51e-203b-43b5-af21-eb5576885831",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.A\nVT Total Detection:58/72\nFirst Submission:2015-11-10T07:51:42.000000+00:00\nLast Submission:2022-12-20T12:39:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810240",
        "uuid": "cd97ad64-6ea2-4255-8b52-72e6bdf809ed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810240",
            "to_ids": true,
            "type": "md5",
            "uuid": "fb856765-fed2-40f8-97a9-26d3259f9a97",
            "value": "956246139f93a83f134a39cd55512f6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809971",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f93e4f3f-dcd5-4afe-9780-b885f85ac49b",
            "value": "1a716bf5532c13fa0dc407d00acdc4a457fa87cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809971",
            "to_ids": true,
            "type": "sha256",
            "uuid": "50304c27-39ae-4bea-887a-baf85b3dc46b",
            "value": "97be6b2cec90f655ef11ed9feef5b9ef057fd8db7dd11712ddb3702ed7c7bda1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809327",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8aa84cc3-dc08-45ad-bb41-9d9e6f56d1bf",
            "value": "768:H6GpjOLuaJEndu9yyCuSNrv+LVRagdBKauZzEA3Fy4qKtOtfEDHZANG:HpYlayS6RagdKv3FyWtB5AU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809327",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "db394802-cc1f-42b0-a184-f87686058b4b",
            "value": "51600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809327",
            "to_ids": true,
            "type": "vhash",
            "uuid": "922d31fd-6542-431b-836f-e701640bbff5",
            "value": "054086651d151e55151c7iz11xz"
          },
          {
            "category": "Payload delivery",
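            "comment": "File name appears to mimic a legitimate Windows driver name (amdide.sys); a name-only match will hit benign files, so correlate with the hashes in this object.",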
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809327",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac586260-92c5-4643-9269-cc67f0e2ecb9",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  05/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809327",
            "to_ids": false,
            "type": "text",
            "uuid": "d045f197-7b0d-4909-b0fa-f047062c4f27",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.A\nVT Total Detection:60/72\nFirst Submission:2015-11-04T08:29:04.000000+00:00\nLast Submission:2022-08-16T15:16:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810262",
        "uuid": "e0a5af5f-8002-4fc7-9f75-5361286445e4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810262",
            "to_ids": true,
            "type": "md5",
            "uuid": "22630f7b-035e-43b9-bec4-a55a3b5adba7",
            "value": "1e439a13df4b7603f5eb7a975235065e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809973",
            "to_ids": true,
            "type": "sha1",
            "uuid": "92aebada-bb22-4a05-9c7d-85d179b1bb68",
            "value": "1a86f7ef10849da7d36ca27d0c9b1d686768e177",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809973",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d2f3d8a-a401-4b78-ab4e-8527f969111d",
            "value": "7874a10e551377d50264da5906dc07ec31b173dee18867f88ea556ad70d8f094",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809349",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "411a2ad2-ca07-4a0e-85dd-4ccb7471a913",
            "value": "1536:PO2OFwdpwpjJb9Qk+aLkVYgm3RDcVsgzv4Hestcs:W29z4jJxcaLiYgQWsgUH7L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809349",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3651af2d-5b67-4555-8ec1-1847fbf33b2e",
            "value": "60416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809349",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d4558f57-56f7-416b-b9d6-cc6a75a3bfe0",
            "value": "06406e751d1e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809349",
            "to_ids": true,
            "type": "filename",
            "uuid": "b5741df5-1a2a-4355-a06e-6b4cd41f28ef",
            "value": "production.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809349",
            "to_ids": false,
            "type": "text",
            "uuid": "25310490-4e25-47b0-9df4-893062bc146a",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2015-07-28T11:00:27.000000+00:00\nLast Submission:2022-08-16T09:24:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810283",
        "uuid": "fca60284-f11d-4d6c-9345-663411787a1e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810283",
            "to_ids": true,
            "type": "md5",
            "uuid": "7ef82c90-2752-4609-9041-20bb008bc367",
            "value": "ed55997aada076dc61e20e1d1218925a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809974",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b18cd645-9e3d-41c3-bfe2-904f8f83d524",
            "value": "1cbe4e22b034ee8ea8567e3f8eb9426b30d4affe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809974",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d860729e-d586-4823-b7eb-f5cf0dbf7dd6",
            "value": "edb16d3ccd50fc8f0f77d0875bf50a629fa38e5ba1b8eeefd54468df97eba281",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809371",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "02906e4b-6a98-4931-8666-5a37293841e3",
            "value": "1536:Ktsm70hrUrRM/sApxCg/U9T5S8Et1m3T2teQnABOpE0s9:KR0u2X3ZuS8Cm3T21nXg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809371",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3ba4554b-635b-4930-8bff-47f87ba060fb",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809371",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aeeaf13f-d57c-46ea-ad79-87cbc0f9fc4e",
            "value": "06406e751d1e55151\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809371",
            "to_ids": true,
            "type": "filename",
            "uuid": "f2927dd4-5c6b-4d82-bdca-8bde8fa9f109",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  29/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809371",
            "to_ids": false,
            "type": "text",
            "uuid": "dbc69900-7dbe-45d9-9571-e937b8454fa4",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/72\nFirst Submission:2015-12-26T18:57:04.000000+00:00\nLast Submission:2022-11-27T06:10:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810304",
        "uuid": "3db9c0f6-561b-48ae-82d1-f76b07b2828d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810304",
            "to_ids": true,
            "type": "md5",
            "uuid": "ddb3d2c9-c1b7-443f-b364-b3093c6c84aa",
            "value": "18e7885eab07ebfb6d1c9303b992ca21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809975",
            "to_ids": true,
            "type": "sha1",
            "uuid": "10811c5e-acb6-47a6-8716-cbf8bdba75f4",
            "value": "20901cc767055f29ca3b676550164a66f85e2a42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809975",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db8880ad-798d-4ebe-a76d-86981e018f89",
            "value": "32d3121135a835c3347b553b70f3c4c68eef711af02c161f007a9fbaffe7e614",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809393",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3fa6a115-ba06-4249-bdc9-0e02c9dd005d",
            "value": "768:ZYC/AVyOtMekwgNrvtN33eC92DgWHaQLy7K8TaAX2x19KOJoa:L/AVLtLkN33qDNYTaAXM19Kza"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809393",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3eb3e13e-5d80-48e3-afc9-877f0c82e5fe",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809393",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9748ab46-6774-40d0-af55-da446041be1f",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809393",
            "to_ids": true,
            "type": "filename",
            "uuid": "486530d6-d00c-444f-ac04-855af8e4934c",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  21/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809393",
            "to_ids": false,
            "type": "text",
            "uuid": "87a49eb0-91d8-46eb-b92f-f14bd6bfa949",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:59/72\nFirst Submission:2015-07-30T12:33:21.000000+00:00\nLast Submission:2024-02-06T02:04:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810326",
        "uuid": "22c4cda4-1b33-4c70-9fdb-391351b93161",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810326",
            "to_ids": true,
            "type": "md5",
            "uuid": "a8be7c40-0f75-44ba-8ed2-6e5800309ac4",
            "value": "c2fb8a309aef65e46323d6710ccdd6ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809977",
            "to_ids": true,
            "type": "sha1",
            "uuid": "114abe9c-672e-40a2-9f4f-730687076c53",
            "value": "2c1260fd5ceaef3b5cb11d702edc4cdd1610c2ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809977",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2611b5d2-a0e8-4c0a-9306-b132f47fca19",
            "value": "90ba78b6710462c2d97815e8745679942b3b296135490f0095bdc0cd97a34d9c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809414",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1408088a-977b-47c3-b6fa-8831b776c239",
            "value": "768:GYC/AVyOtMekwANrvtN33Mcou3GHLNFRA3VMfdY0v8IRr4B0QmMXG:s/AVLtLkt33DbwPu32fvRo0QmMXG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809414",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "73a5f9e7-f542-4251-9647-22000c96a6ac",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809414",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b13532d0-cac1-4b09-bf6f-e490d07eac51",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809414",
            "to_ids": true,
            "type": "filename",
            "uuid": "d4243915-6e44-4ad0-8de9-afa33df8eafb",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  19/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809414",
            "to_ids": false,
            "type": "text",
            "uuid": "ca863524-5602-47e9-878a-7fe81807590b",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:52/72\nFirst Submission:2015-12-30T09:36:00.000000+00:00\nLast Submission:2022-08-16T11:43:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810348",
        "uuid": "b20d9c9b-4142-4fe2-b5e7-5135826fecbb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810348",
            "to_ids": true,
            "type": "md5",
            "uuid": "35b3b46d-942d-4b6e-b2cf-6a9afb1dd185",
            "value": "979413f9916e8462e960a4eb794824fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809978",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8ba26462-6ac9-4061-bfd6-8194fbea08e4",
            "value": "2d805bca41aa0eb1fc7ec3bd944efd7dba686ae1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809978",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bb9c00f8-8c69-49e5-8d42-25920adac94e",
            "value": "5111de45210751c8e40441f16760bf59856ba798ba99e3c9532a104752bf7bcc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809436",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f73dd938-70d5-471f-91a1-37de967b4522",
            "value": "768:m4WwK0Tumlg42CHSNrvJe7KwiEKXqdsHbr/gBKnaUnff+U/RVzz0UXLLMs0Gaqf:mjiJyMge8/XZv/baCmU/vrUuT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809436",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef5f7584-82a5-47ba-bfc3-0cc1db45798f",
            "value": "50064"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809436",
            "to_ids": true,
            "type": "vhash",
            "uuid": "57779b02-e220-407c-bdbd-d47fd9407144",
            "value": "054086651d151e55151c7jzfxz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809436",
            "to_ids": true,
            "type": "filename",
            "uuid": "15172d58-a0e3-4469-8fdd-fa4714189832",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809436",
            "to_ids": false,
            "type": "text",
            "uuid": "674b2e2f-53b4-49bf-a253-51033e677a8e",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:56/72\nFirst Submission:2015-11-06T12:41:25.000000+00:00\nLast Submission:2022-08-15T23:43:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810369",
        "uuid": "aee5d4f5-8392-45d4-b2e8-a223a81ba537",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810369",
            "to_ids": true,
            "type": "md5",
            "uuid": "26731abf-5f0a-4e56-8d3d-8f13103fc8a5",
            "value": "e60854c96fab23f2c857dd6eb745961c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809979",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3f7b9c24-912e-4c6b-b2f6-2707e3458bcc",
            "value": "4bc2bbd1809c8b66eecd7c28ac319b948577de7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809979",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5d53e7d8-c16d-433d-a95a-e9b304737be8",
            "value": "244dd8018177ea5a92c70a7be94334fa457c1aab8a1c1ea51580d7da500c3ad5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809458",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "da5114e0-1c10-4d9d-a6a1-d1a4a4d8e4d6",
            "value": "1536:ZotE8TK/Jv20Q0Oti7SSoWArcYU5u9tly+0OazRy:yTK/Jv20FKiWpdoYU5gqOazRy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809458",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ea7ab006-905f-4629-832a-a463c1a3cc70",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809458",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4fc5814a-f755-4d1b-9103-be5f6c36cd2e",
            "value": "06406e751d1e55151iz64xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809458",
            "to_ids": true,
            "type": "filename",
            "uuid": "333140c6-f2a7-46be-9033-b794778704a9",
            "value": ".exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  27/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809458",
            "to_ids": false,
            "type": "text",
            "uuid": "05c5ce5d-01fe-4754-9013-2997ffab38b8",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:60/72\nFirst Submission:2015-10-09T16:26:08.000000+00:00\nLast Submission:2022-11-27T06:11:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810391",
        "uuid": "e2fd8d65-c906-4dbe-bbf0-41c4be8c1c97",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810391",
            "to_ids": true,
            "type": "md5",
            "uuid": "3add9d57-1235-40e9-87da-eaf16defa11b",
            "value": "97d6d1b36171bc3eafdd0dc07e7a4d2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809980",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fcdced7d-d657-4685-9383-5ea9ab4eacdd",
            "value": "502bd7662a553397bbdcfa27b585d740a20c49fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809980",
            "to_ids": true,
            "type": "sha256",
            "uuid": "187ac3b7-83f1-4c27-9f54-877bf85a56a0",
            "value": "405013e66b6f137f915738e5623228f36c74e362873310c5f2634ca2fda6fbc5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809480",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ca1361d7-7a7f-4367-8e42-ad9b9ea4287a",
            "value": "1536:9xV7GTbLRocjhGdnQbyLwW+9Ti/eB3B1CuJN:9uTbbt3iy9e/et"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809480",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9283c289-c828-4f8f-a0ec-9a9989f59876",
            "value": "62464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809480",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f116ff61-12f9-40eb-9b61-62d5244e1e01",
            "value": "06407e751d150e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809480",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d8e15f9-4e1f-4095-a5cf-14a612e2bfe8",
            "value": "\u4e3b\u8981.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  24/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809480",
            "to_ids": false,
            "type": "text",
            "uuid": "36e92bc2-ea92-4b98-b88d-593ef192fa74",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.C\nVT Total Detection:60/72\nFirst Submission:2015-11-13T17:22:06.000000+00:00\nLast Submission:2022-11-25T21:10:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810413",
        "uuid": "dc8de794-7a7c-4b13-aac7-4a91bd2461c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810413",
            "to_ids": true,
            "type": "md5",
            "uuid": "8f633014-d266-4220-97a8-db2ec0b67fd9",
            "value": "0d2022d6148f521c43b9573cd79ead54",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809981",
            "to_ids": true,
            "type": "sha1",
            "uuid": "380adedf-82d2-450d-b4f9-c3b5d6911235",
            "value": "84248bc0ac1f2f42a41cfffa70b21b347ddc70e9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809981",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a70cc84e-6698-4e2f-96c2-f9d35a8915b6",
            "value": "166ba02539d3ea8cd1298d916fad1264a815f55798df5477698b7d775542b696",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809522",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d88f0e71-78c5-4c9b-bd93-da742972f91b",
            "value": "1536:oBG8ukKmkMCc3nclbrGi2tAksnme9Ck/JN:oBdsMncNSrcmj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809522",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd029fb7-8ac1-49e4-ab69-20ef0fcb63ff",
            "value": "62464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809522",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19138a78-1755-4fde-90ae-438d1f98aa7d",
            "value": "06407e751d150e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809522",
            "to_ids": true,
            "type": "filename",
            "uuid": "6845ea92-ac1b-4e27-8f81-a9435c0da328",
            "value": "\u958b\u767c.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809522",
            "to_ids": false,
            "type": "text",
            "uuid": "2f0f217a-99eb-4217-816b-eb884537100f",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:54/72\nFirst Submission:2015-07-29T11:19:12.000000+00:00\nLast Submission:2022-11-25T21:12:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810434",
        "uuid": "17395008-447a-4bf3-90cf-d5105fd8986c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810434",
            "to_ids": true,
            "type": "md5",
            "uuid": "aa8dfe86-cf90-44c8-a355-5425714ce620",
            "value": "66b96dcef158833027fcf222004b64d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809983",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3dd6190b-f863-4b94-bda4-901b769f983a",
            "value": "bd87cf5b66e36506f1d6774fd40c2c92a196e278",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809983",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f054e41-6a45-4914-be61-a61c6543be8f",
            "value": "cfb20e7516b42486d11c59021a8be8a457ee1fa0d0be6d5d958e80b3cfeb04ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809608",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e5cca681-5b91-4c9f-9945-050d87f24d18",
            "value": "768:HYC/AVyOtMekwgNrvtN33oyXRfBqjhfQx0x3iCFZPgyxHl/gFDxojXPlA:V/AVLtLkN33oyBfBfxq3DQWHlkGi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809608",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cd541450-bf8e-4553-b10c-3883697ac0ae",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809608",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8abb01f8-595a-4f5d-aed9-4a4094440bb7",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809608",
            "to_ids": true,
            "type": "filename",
            "uuid": "02625725-2777-4db5-8c72-b714beda8285",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  16/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809608",
            "to_ids": false,
            "type": "text",
            "uuid": "c83ce9bb-e894-4e0b-9930-70ed6547bdb4",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:58/72\nFirst Submission:2015-07-27T13:52:13.000000+00:00\nLast Submission:2022-08-15T21:24:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810455",
        "uuid": "22a3e6d4-85b4-4ce9-89eb-061218a19390",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810455",
            "to_ids": true,
            "type": "md5",
            "uuid": "934b198e-70d8-4d6c-8ba2-453b34f5903b",
            "value": "a0b7b80c3c1d9c1c432a740fa17c6126",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809983",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8c68f6be-57b4-4b19-b50f-d4096cce4d3b",
            "value": "be319672a87d0dd1f055ad1221b6ffd8c226a6e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809984",
            "to_ids": true,
            "type": "sha256",
            "uuid": "71c403eb-48d4-468d-b778-11b07d308161",
            "value": "7a393b3eadfc8938cbecf84ca630e56e37d8b3d23e084a12ea5a7955642db291",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809630",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ccd16d80-a3ab-4b43-b090-8192008f6e81",
            "value": "1536:Dj/oKq1dELk8bnyOGkaYhU5DcZVsDzykVZaJN:PAKq1CHn1U5oZ+3ycZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809630",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d00e32e7-42c1-4093-9663-7922dcd2aaf1",
            "value": "62464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809630",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d8807d07-7a9d-4cc2-96ff-ed2902936cbf",
            "value": "06407e751d150e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809630",
            "to_ids": true,
            "type": "filename",
            "uuid": "1d9bc6dd-87dd-4fc6-b270-a9922614e60f",
            "value": "\u7522.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  02/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809630",
            "to_ids": false,
            "type": "text",
            "uuid": "0bcda79b-e896-41bd-8757-9854e57b6b61",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:61/72\nFirst Submission:2015-07-27T06:15:13.000000+00:00\nLast Submission:2022-11-25T21:12:40.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810477",
        "uuid": "875954e7-5b59-41e2-9d0b-6dfbfa05b88b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810477",
            "to_ids": true,
            "type": "md5",
            "uuid": "bf6df1fe-4ab7-4cc8-b601-bc0cf31b77a5",
            "value": "0037b485aa6938ba2ead234e211425bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809985",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a2c6cf86-385b-4a6a-96f0-ca42108b6fc6",
            "value": "c7e919622d6d8ea2491ed392a0f8457e4483eae9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809985",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da425d71-ab0e-4e24-85db-7ea9103ddd55",
            "value": "cbc4b0aaa30b967a6e29df452c5d7c2a16577cede54d6d705ca1f095bd6d4988",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809651",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8aefe3ea-a30e-46a7-81dc-f46dd671cd86",
            "value": "768:2YC/AVyOtMekwANrvtN33HcaUVS0mJSQk6Ob+Fmx3zztRYi:8/AVLtLkt33HctVDlZb+FQ3zztRYi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809651",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "054bb092-5509-48bc-971c-8ad01401546a",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809651",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19644074-c9e1-49fc-a4d0-753b58ed4258",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809651",
            "to_ids": true,
            "type": "filename",
            "uuid": "68b92eb3-c3d9-4f5d-928c-4c206f287860",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809651",
            "to_ids": false,
            "type": "text",
            "uuid": "25667c7c-ee53-463b-91e6-f7f9369e9b04",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.C\nVT Total Detection:58/72\nFirst Submission:2015-06-05T12:50:18.000000+00:00\nLast Submission:2022-08-16T09:27:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810498",
        "uuid": "1e49a726-aa0f-4711-aeee-1cd4c0e69677",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810498",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1f9d387-0d49-4c4f-ae54-b4300565e310",
            "value": "60d3185aff17084297a2c4c2efdabdc9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809986",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c2a177d8-4313-4b56-8561-8edc5f7118f3",
            "value": "cd07036416b3a344a34f4571ce6a1df3cbb5783f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809986",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c8ecb75-1e42-4421-915d-4b3edf77869a",
            "value": "ac13b819379855af80ea3499e7fb645f1c96a4a6709792613917df4276c583fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809673",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "222fe09e-4019-4866-9501-56b4346d8cc9",
            "value": "1536:7oxO5wsespvH+bpGWet2fQFMR+P1QGuW8egl4btep9mvqUR:aaUMf+pet2fQ+gdQGQlMK4v"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809673",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "323c724c-098f-4bd2-98ef-193dc9504d81",
            "value": "61952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809673",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a64f8606-efb6-4c98-91a8-80b7bd6e1d6c",
            "value": "06407e751d150e55151iz66xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809673",
            "to_ids": true,
            "type": "filename",
            "uuid": "5077d8d1-7bd2-4c92-98a6-9a31fe8f8aea",
            "value": "\u6709\u6548\u8ca0\u8f09.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  07/10/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809673",
            "to_ids": false,
            "type": "text",
            "uuid": "d479bb48-1ef4-457c-bfe8-fd418aa30723",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/72\nFirst Submission:2015-12-25T21:09:40.000000+00:00\nLast Submission:2022-11-26T05:43:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810519",
        "uuid": "a37a9bc2-3ab9-46fe-999a-086d2382f270",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810519",
            "to_ids": true,
            "type": "md5",
            "uuid": "6aa20a4b-c0df-48c1-849a-6039d03bbd27",
            "value": "2cae5e949f1208d13150a9d492a706c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809987",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6c425048-b55e-459a-b5da-eb56f306f726",
            "value": "e1c2b28e6a35aeadb508c60a9d09ab7b1041afb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809987",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e7f92923-7335-4717-a503-8ef051470ed4",
            "value": "edcd1722fdc2c924382903b7e4580f9b77603110e497393c9947d45d311234bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809716",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "05c4aaeb-be61-4b0e-9201-942b419190b6",
            "value": "1536:mww5nDEelFdND/pqpCBeuzznM6v7zkSHTg+BfQC0NSs:fIFrHnM6v7wv+BfQ3P"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809716",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3b190fac-ad06-4227-bb4c-84b287dc41c5",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809716",
            "to_ids": true,
            "type": "vhash",
            "uuid": "69b7b779-c761-4a47-a2fd-f51f0aeb9f73",
            "value": "06406e751d1e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809716",
            "to_ids": true,
            "type": "filename",
            "uuid": "b03afd6f-b5bf-4b9a-9c91-77499371d34b",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809716",
            "to_ids": false,
            "type": "text",
            "uuid": "654818f8-9a59-4dbc-9fff-6e8515ae9323",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:54/72\nFirst Submission:2015-12-30T00:30:47.000000+00:00\nLast Submission:2022-11-27T06:15:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810540",
        "uuid": "2067fac5-637a-48d0-ab5c-50467cc3df7b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810540",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc4c0e74-831a-49b1-835b-5e9d2365c6db",
            "value": "d98f4fc6d8bb506b27d37b89f7ce89d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809988",
            "to_ids": true,
            "type": "sha1",
            "uuid": "443b5375-f06e-4fe0-ad8e-d3f0e4ebb30a",
            "value": "e40f0d402fdcba6dd7467c1366d040b02a44628c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809988",
            "to_ids": true,
            "type": "sha256",
            "uuid": "21b079a7-6239-4398-a365-da74496b0f06",
            "value": "1ce0dfe1a6663756a32c69f7494ad082d293d32fe656d7908fb445283ab5fa68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809738",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c6e82704-4a3a-4b74-9901-8e4ad80f87e8",
            "value": "768:gYC/AVyOtMekwgNrvtN33k7rzlOkvUrOTiuxBcCKIdJ0YKGdysVqHQEK:y/AVLtLkN33ILsrA+8J0YKLuyI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809738",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1157557a-a76c-4117-a1f6-aa44c0c542c1",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809738",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b3c0d428-9577-4ab9-b3e1-c5676611e70e",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809738",
            "to_ids": true,
            "type": "filename",
            "uuid": "099d950c-ad06-4cc0-85a4-7b9e73721a78",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  19/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809738",
            "to_ids": false,
            "type": "text",
            "uuid": "18218608-b591-42b4-a9e7-0ac778c9dabf",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:55/72\nFirst Submission:2015-10-27T10:06:06.000000+00:00\nLast Submission:2022-08-16T11:45:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810562",
        "uuid": "a653987a-2bcc-4b19-bd44-2be29f08e01e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810562",
            "to_ids": true,
            "type": "md5",
            "uuid": "fed84150-fc3a-4b22-800e-0bf4f67e0167",
            "value": "4354d590d056df19b7b55b3d95fcfdde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c2b0a211-8386-45cd-9519-dc7e0df13bff",
            "value": "e5a2204f085c07250da07d71cb4e48769328d7dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "BlackEnergy drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c5bfd315-19fd-4484-96a2-5e8e42e0ca56",
            "value": "ed080c2635180f27c8d288e96c1105d0914dc1bb55917d2f5f2538fc32974aa2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809759",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "035bcb39-2130-46af-bbf5-1b7b004650f0",
            "value": "768:ivpwhjugCxk6mm6CzSNrvO4x+97vXbBoc6x3EmzhVuZFQMHKn4vrjQs5dQdnvfHz:iwLCSFefsYzLBYx3dzoOMuUAsvWJln"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809759",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e6a68cdf-1161-42aa-aa2c-5361434f99c7",
            "value": "51088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809759",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8234db8a-5f62-4a89-b82f-c5935ee964ba",
            "value": "0540966c051f151e15151iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809759",
            "to_ids": true,
            "type": "filename",
            "uuid": "c74625e0-bf57-4464-adbc-bda50a711412",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809759",
            "to_ids": false,
            "type": "text",
            "uuid": "f5c2a2e1-51c2-42e5-90d1-b132fcf27363",
            "value": "BlackEnergy drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet!rfn\nVT Total Detection:49/72\nFirst Submission:2016-02-23T07:45:03.000000+00:00\nLast Submission:2022-08-15T23:45:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810583",
        "uuid": "db52a017-5759-4271-911d-3027a21b4bd0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810583",
            "to_ids": true,
            "type": "md5",
            "uuid": "b89a0db2-169a-4840-9e9e-0b08bf52dac2",
            "value": "cd1aa880f30f9b8bb6cf4d4f9e41ddf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809991",
            "to_ids": true,
            "type": "sha1",
            "uuid": "df7959d4-26b9-45aa-98bd-c46f85eb70e2",
            "value": "16f44fac7e8bc94eccd7ad9692e6665ef540eec4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "adca9705-4014-4ee3-b2ea-1b14cbe2e160",
            "value": "5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809781",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "57db76e4-4058-4b99-a720-7a3e42fe3dab",
            "value": "1536:Lu/ydBbJe7LkXIkTYkT+5FTd/+J85fUBGtml:aoY7LUTCTdGJOcQtml"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809781",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "545d1c21-5eae-465c-ad51-b0e5f69c2531",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809781",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1fb5c5e1-10ac-4347-adfe-18dfdcdf3691",
            "value": "094046655d151148z7cz23z13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809781",
            "to_ids": true,
            "type": "filename",
            "uuid": "65cf54d8-6e6c-4eb4-9c16-dbe156ebc070",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-02-23\nLast-scan: 2026-02-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809781",
            "to_ids": false,
            "type": "text",
            "uuid": "b72d1cff-63ce-4617-965a-bc706dad7dd2",
            "value": "KillDisk-component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malagent!MSR\nVT Total Detection:61/72\nFirst Submission:2015-10-25T01:31:24.000000+00:00\nLast Submission:2025-01-02T20:24:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810604",
        "uuid": "c9d5a8ca-cbb8-4a04-bd43-e42664ef07b3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810604",
            "to_ids": true,
            "type": "md5",
            "uuid": "71dd247a-06a8-4f08-a15d-763450082afa",
            "value": "72bd40cd60769baffd412b84acc03372",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809992",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6b4e591-3c00-477f-bebf-96414e87961e",
            "value": "8ad6f88c5813c2b4cd7abab1d6c056d95d6ac569",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809992",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a300420a-5016-49d1-a1a1-ba32c7a396c4",
            "value": "f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809803",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f68285a0-b278-4c85-b655-ee7d6ff5ed53",
            "value": "1536:vs/rn8gU/M3p1thokZGqKTRSpEvMfC6+iLPLvXta:5dwhURSpUMfCvirLPta"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809803",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f6173d91-3033-4fc8-abcc-3c1124470345",
            "value": "110592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809803",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0c82e24d-b996-4ba8-b63a-9ce6aabeb698",
            "value": "015046655d151138z73bz23z13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809803",
            "to_ids": true,
            "type": "filename",
            "uuid": "b99dde72-9e24-4c95-b94c-591c738682f2",
            "value": "release.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-02-23\nLast-scan: 2026-02-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809803",
            "to_ids": false,
            "type": "text",
            "uuid": "125dac59-5b74-4cb4-81d4-3875f2301cf4",
            "value": "KillDisk-component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:62/72\nFirst Submission:2015-11-10T09:31:41.000000+00:00\nLast Submission:2025-01-02T20:23:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810625",
        "uuid": "c4ef48fd-25dc-4cfa-bf72-6aba91f2f524",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810625",
            "to_ids": true,
            "type": "md5",
            "uuid": "69a14909-177f-46e3-b82a-59bce14efc62",
            "value": "66676deaa9dfe98f8497392064aefbab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809993",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ee880c8e-2c5d-4554-8279-3803980d3bce",
            "value": "6d6ba221da5b1ae1e910bbeaa07bd44aff26a7c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809993",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e509c2da-33df-4e11-8ec2-ccbea89ede13",
            "value": "11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809825",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "500e9073-56ce-46c6-9f2b-6cafc18ae157",
            "value": "1536:48cluldXhhm0ACyX5xgrkOTJ939LE1suyZNhtaDddO5yZbQwoBBmxGtTK:G+jmaagL39A1sfNPIv+y1QwoB8gtTK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809825",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0aa9f76c-92bc-4b36-a6e1-a5d6ad721d75",
            "value": "126976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809825",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33afeb2f-6978-4b01-b7d8-75352072f5d2",
            "value": "015046651d151148z7cz23z13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809825",
            "to_ids": true,
            "type": "filename",
            "uuid": "c66e7af9-7882-4cb2-bf8e-89ef2a375cd8",
            "value": "ololo.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-02-23\nLast-scan: 2026-02-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809825",
            "to_ids": false,
            "type": "text",
            "uuid": "42f3c76d-425c-49b4-9168-71af3fe4a000",
            "value": "KillDisk-component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Detplock\nVT Total Detection:61/72\nFirst Submission:2015-10-25T23:07:26.000000+00:00\nLast Submission:2025-01-02T20:24:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810647",
        "uuid": "75ad65a1-84af-4c98-bf24-5751de2b31d1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810647",
            "to_ids": true,
            "type": "md5",
            "uuid": "0990755a-af6d-40aa-b295-bf360825ac91",
            "value": "7361b64ddca90a1a1de43185bd509b64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809994",
            "to_ids": true,
            "type": "sha1",
            "uuid": "13891cd7-41c8-4d17-b92a-d4e32d15808e",
            "value": "f3e41eb94c4d72a98cd743bbb02d248f510ad925",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk-component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809994",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aaa0a181-2fdd-4013-8530-2ceabf2886ac",
            "value": "c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809846",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "58566286-5f94-4bdd-b743-a86b6e76287b",
            "value": "1536:RFFgWOBN33zBLLCJ3qpgAXb84sXyA7oi0klOEI6toKtdw:9NEJlLLzLb4I6toKtdw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809846",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0ffb581f-4089-4410-aaf2-5432781842d8",
            "value": "98304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809846",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d569677d-3397-4aae-9f2a-924698e17c99",
            "value": "094046655d151088z6dbz23z13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809846",
            "to_ids": true,
            "type": "filename",
            "uuid": "27bd6e3c-d05d-4201-b18a-fffc28ea724b",
            "value": "main.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-02-23\nLast-scan: 2025-08-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809846",
            "to_ids": false,
            "type": "text",
            "uuid": "10d895bf-e2e1-4f54-aecb-d4d312010848",
            "value": "KillDisk-component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/KillDisk.M\nVT Total Detection:61/72\nFirst Submission:2015-12-23T22:34:19.000000+00:00\nLast Submission:2022-08-16T14:04:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810668",
        "uuid": "90b9e0ae-5143-4e67-bbdc-f29fe9953ff0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "VBS/Agent.AD trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810668",
            "to_ids": true,
            "type": "md5",
            "uuid": "68b34edb-ff81-4b54-b5ec-73ca3dec7d43",
            "value": "0af5b1e8eaf5ee4bd05227bf53050770",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VBS/Agent.AD trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809996",
            "to_ids": true,
            "type": "sha1",
            "uuid": "62fa7d4b-036a-49ae-a497-9370ad2bd8ad",
            "value": "72d0b326410e1d0705281fde83cb7c33c67bc8ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "VBS/Agent.AD trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809996",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08f6451c-8aa5-46d9-ab0d-75f08cf8f376",
            "value": "b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809868",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30a9dec1-0e19-4b60-be9b-89594e57c57e",
            "value": "3:jaPFEm8nhmCeRoakvugo/XKVhZotkqQBhKVhLXqFGpBlypB3gWA:j6NqhmCOoLvugoXOfAk1hKVd6kNiqWA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809868",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b4969c6b-2424-47f6-8952-37cb5f3c57d6",
            "value": "165"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809868",
            "to_ids": true,
            "type": "vhash",
            "uuid": "09bd4de3-e987-4f66-a55c-60a57a820535",
            "value": "d1750ea90596bb4e7cd6479d6b7d019e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809868",
            "to_ids": true,
            "type": "filename",
            "uuid": "da73be2e-a1eb-4ec9-bc21-660e86a1e3db",
            "value": "Blackenergy_b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-02-23\nLast-scan: 2025-12-17",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809868",
            "to_ids": false,
            "type": "text",
            "uuid": "4d47d003-35c5-47fa-9da0-a50ca088f175",
            "value": "VBS/Agent.AD trojan\r\nType Description: VBA\nMicrosoft: Trojan:VBS/Dorbear.A\nVT Total Detection:30/62\nFirst Submission:2015-10-13T10:51:25.000000+00:00\nLast Submission:2024-05-08T19:26:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771810691",
        "uuid": "3a8c7e3c-6106-4b30-8767-a308dbab8c96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771810691",
            "to_ids": true,
            "type": "md5",
            "uuid": "76b33617-929b-4992-adfd-261ab8d2cf25",
            "value": "fffeaba10fd83c59c28f025c99d063f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771809997",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e6ea7257-7b5d-48db-a57c-0e424db7a9ab",
            "value": "166d71c63d0eb609c4f77499112965db7d9a51bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771809997",
            "to_ids": true,
            "type": "sha256",
            "uuid": "edc043fb-0438-4d64-8ce3-75ec72480b36",
            "value": "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771809890",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7af3ff96-9b26-47e7-960b-e6ef00023442",
            "value": "3072:eJsQ8wmYajbs0mokp8XzsQmfp1543sDEinXPedm6NKe0j7Z39f2m9TEsngIpRN:xLHjPmokpCqO8r6n4Tnh5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771809890",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b2cc919-730e-45b8-93e5-025640260bf8",
            "value": "303152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771809890",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1f007a22-39ef-4cb9-9523-887dd28bef56",
            "value": "0350d76d555c0d1515551bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771809890",
            "to_ids": true,
            "type": "filename",
            "uuid": "729b5072-37a2-4d71-a268-d34155eb75b3",
            "value": "\u6709\u6548\u8ca0\u8f09.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 03/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771809890",
            "to_ids": false,
            "type": "text",
            "uuid": "d1e444c0-cc96-42b7-8335-72a2196422e0",
            "value": "Win32/SSHBearDoor.A trojan\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dorbear.A\nVT Total Detection:57/72\nFirst Submission:2015-06-25T09:16:03.000000+00:00\nLast Submission:2025-01-21T03:03:43.000000+00:00"
          }
        ]
      }
    ]
  }
}