{
  "Event": {
    "analysis": "1",
    "date": "2024-02-04",
    "extends_uuid": "",
    "info": "[Threat Intel] ICS malware analysis study: BlackEnergy",
    "protected": false,
    "publish_timestamp": "1772407432",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772407429",
    "uuid": "5697e940-fa73-4440-84d0-691be24f98ca",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BlackEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"GreyEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772348202",
        "to_ids": false,
        "type": "link",
        "uuid": "95df3758-d9d4-4d53-97e2-ef29a38fc1e9",
        "value": "https://www.incibe.es/sites/default/files/2024-02/INCIBE-CERT_ICS_ANALYSIS_STUDY_BLACKENERGY_2024_v1.0.pdf"
      },
      {
        "category": "Payload delivery",
        "comment": "Drivers No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352123",
        "to_ids": true,
        "type": "sha1",
        "uuid": "8ee3d5d9-c3b1-40cc-ac0d-b99ab1135193",
        "value": "a427b264c1bd2712d1178912753bac051a7a2f6c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Drivers No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352124",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a0e26c51-b45b-4cee-9b5d-232c3d499a68",
        "value": "b05e577e002c510e7ab11b996a1cd8fe8fdada0c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352889",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7415748e-cb8b-4d8f-a4f8-4249c277c0d3",
        "value": "5.149.254.114",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352910",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "53881ed2-ec77-49bf-bd5e-da55752f89ab",
        "value": "5.9.32.230",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352932",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b83bcd17-9b04-4d8c-91ae-ba76be5d1f9f",
        "value": "31.210.111.154",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352953",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cbd3c171-4ffc-41f9-9d6b-cb2e8b2bd74e",
        "value": "88.198.25.92",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352974",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b97c9128-f35e-4e77-8c32-d18ad8ae0740",
        "value": "146.0.74.7",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772352995",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ef2f0344-6aa8-446e-b23c-28a496641fdd",
        "value": "188.40.8.72",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772349092",
        "uuid": "f56f5443-3431-43ae-9df8-9b2773fe3480",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772349092",
            "to_ids": false,
            "type": "text",
            "uuid": "d0a972b8-3897-485c-ab80-9589afd68c4e",
            "value": "BlackEnergy_BE_2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772349092",
            "to_ids": false,
            "type": "comment",
            "uuid": "9e5e9aa6-7a37-4bab-9a7d-3cfabb5a6993",
            "value": "Detects BlackEnergy 2 Malware"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772349092",
            "to_ids": true,
            "type": "yara",
            "uuid": "24b788c6-58af-4d35-bc3f-4b05f6fd1bbf",
            "value": "rule BlackEnergy_BE_2 {\r\nmeta:\r\n\tdescription = \"Detects BlackEnergy 2 Malware\"\r\n\tlicense = \"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE\"\r\n\tauthor = \"Florian Roth (Nextron Systems)\"\r\n\treference = \"http://goo.gl/DThzLz\"\r\n\tdate = \"2015/02/19\"\r\n\thash = \"983cfcf3aaaeff1ad82eb70f77088ad6ccedee77\"\r\nstrings:\r\n\t$s0 = \"<description> Windows system utility service </description>\" fullword ascii\r\n\t$s1 = \"WindowsSysUtility - Unicode\" fullword wide\r\n\t$s2 = \"msiexec.exe\" fullword wide\r\n\t$s3 = \"WinHelpW\" fullword ascii\r\n\t$s4 = \"ReadProcessMemory\" fullword ascii\r\ncondition:\r\n\tuint16(0) == 0x5a4d and filesize < 250KB and all of ($s*)\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772349108",
        "uuid": "eb88a2c5-b579-4240-8545-87f2bc66752d",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772349108",
            "to_ids": false,
            "type": "text",
            "uuid": "34eed185-6cb4-468c-8858-80ce4d068e90",
            "value": "BlackEnergy_VBS_Agent"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772349108",
            "to_ids": false,
            "type": "comment",
            "uuid": "206c4b52-13e4-4c92-9f4a-ccef98708c53",
            "value": "Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772349108",
            "to_ids": true,
            "type": "yara",
            "uuid": "8bdb00b4-6d20-45ee-8105-1770da27c3d6",
            "value": "rule BlackEnergy_VBS_Agent {\r\nmeta:\r\n\tdescription = \"Detects VBS Agent from BlackEnergy Report - file Dropbearrun.vbs\"\r\n\tlicense = \"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE\"\r\n\tauthor = \"Florian Roth (Nextron Systems)\"\r\n\treference = \"http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/\"\r\n\tdate = \"2016-01-03\"\r\n\thash = \"b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f\"\r\nstrings:\r\n\t$s0 = \"WshShell.Run \\\"dropbear.exe -r rsa -d dss -a -p 6789\\\", 0, false\" fullword ascii\r\n\t$s1 = \"WshShell.CurrentDirectory =\\\"C:\\\\WINDOWS\\\\TEMP\\\\Dropbear\\\\\\\"\" fullword ascii\r\n\t$s2 = \"Set WshShell = CreateObject(\\\"WScript.Shell\\\")\" fullword ascii /* Goodware String - occured 1 times */\r\ncondition:\r\n\tfilesize < 1KB and 2 of them\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772349125",
        "uuid": "5ead4160-5216-4104-a45e-a8a459761e6b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772349125",
            "to_ids": false,
            "type": "text",
            "uuid": "b1e41e05-fcbc-46d7-a958-2cf57b4ec742",
            "value": "DropBear_SSH_Server"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772349125",
            "to_ids": false,
            "type": "comment",
            "uuid": "135ae108-90fc-463e-a0b2-1489a2363579",
            "value": "Detects DropBear SSH Server (not a threat but used to maintain access)"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772349125",
            "to_ids": true,
            "type": "yara",
            "uuid": "39e2a9c5-70c5-466e-99ae-e9b7c9ec0f5a",
            "value": "rule DropBear_SSH_Server {\r\nmeta:\r\n\tdescription= \"Detects DropBear SSH Server (not a threat but used to maintain access)\"\r\n\tlicense= \"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE\"\r\n\tauthor = \"Florian Roth (Nextron Systems)\"\r\n\treference=\"http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/\"\r\n\tdate = \"2016-01-03\"\r\n\tscore = 50\r\n\thash=\"0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd\"\r\nstrings:\r\n\t$s1 = \"Dropbear server v%s https://matt.ucc.asn.au/dropbear/dropbear.html\" fullword ascii\r\n\t$s2 = \"Badly formatted command= authorized_keys option\" fullword ascii\r\n\t$s3 = \"This Dropbear program does not support '%s' %s algorithm\" fullword ascii\r\n\t$s4 = \"/etc/dropbear/dropbear_dss_host_key\" fullword ascii\r\n\t$s5 = \"/etc/dropbear/dropbear_rsa_host_key\" fullword ascii\r\ncondition:\r\n\tuint16(0) == 0x5a4d and filesize < 1000KB and 2 of them\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772349142",
        "uuid": "48003869-00c6-4027-8617-0763fb63cd73",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772349142",
            "to_ids": false,
            "type": "text",
            "uuid": "39b3c782-da49-4785-bde5-dc092373bc24",
            "value": "BlackEnergy_BackdoorPass_DropBear_SSH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772349142",
            "to_ids": false,
            "type": "comment",
            "uuid": "50414f49-3cd9-48b8-8f32-72e4d20be85f",
            "value": "Detects the password of the backdoored DropBear SSH Server - BlackEnergy"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772349142",
            "to_ids": true,
            "type": "yara",
            "uuid": "8f7e66d2-25a4-43d5-a5b8-eb6341363180",
            "value": "rule BlackEnergy_BackdoorPass_DropBear_SSH {\r\nmeta:\r\n\tdescription = \"Detects the password of the backdoored DropBear SSH Server - BlackEnergy\"\r\n\tlicense = \"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE\"\r\n\tauthor = \"Florian Roth (Nextron Systems)\"\r\n\treference = \"http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/\"\r\n\tdate = \"2016-01-03\"\r\n\thash = \"0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd\"\r\nstrings:\r\n\t$s1 = \"passDs5Bu9Te7\" fullword ascii\r\ncondition:\r\n\tuint16(0) == 0x5a4d and $s1\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1772349162",
        "uuid": "2b65ab2f-e7e5-4c35-b432-80e8a6b3c4e5",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1772349162",
            "to_ids": false,
            "type": "text",
            "uuid": "b7bfd6c8-e996-4069-9333-5da549e48e74",
            "value": "BlackEnergy_KillDisk_1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1772349162",
            "to_ids": false,
            "type": "comment",
            "uuid": "f4e79776-2f3a-4a35-9e27-76951e8aaa49",
            "value": "Detects KillDisk malware from BlackEnergy"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1772349162",
            "to_ids": true,
            "type": "yara",
            "uuid": "c6c1641e-05d1-4121-92e5-4b8cabb353a8",
            "value": "rule BlackEnergy_KillDisk_1 {\r\nmeta:\r\n\tdescription = \"Detects KillDisk malware from BlackEnergy\"\r\n\tlicense = \"Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE\"\r\n\tauthor = \"Florian Roth (Nextron Systems)\"\r\n\treference = \"http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/\"\r\n\tdate = \"2016-01-03\"\r\n\tscore = 80\r\n\tsuper_rule = 1\r\n\thash1 = \"11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80\"\r\n\thash2 = \"5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6\"\r\n\thash3 = \"c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d\"\r\n\thash4 = \"f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95\"\r\nstrings:\r\n\t$s0 = \"system32\\\\cmd.exe\" fullword ascii\r\n\t$s1 = \"system32\\\\icacls.exe\" fullword wide\r\n\t$s2 = \"/c del /F /S /Q %c:\\\\*.*\" fullword ascii\r\n\t$s3 = \"shutdown /r /t %d\" fullword ascii\r\n\t$s4 = \"/C /Q /grant \" fullword wide\r\n\t$s5 = \"%08X.tmp\" fullword ascii\r\n\t$s6 = \"/c format %c: /Y /X /FS:NTFS\" fullword ascii\r\n\t$s7 = \"/c format %c: /Y /Q\" fullword ascii\r\n\t$s8 = \"taskhost.exe\" fullword wide /* Goodware String - occured 1 times\t*/\r\n\t$s9 = \"shutdown.exe\" fullword wide /* Goodware String - occured 1 times\t*/\r\ncondition:\r\n\tuint16(0) == 0x5a4d and filesize < 500KB and 8 of them\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353017",
        "uuid": "f9004a22-2463-4c96-ad6f-ab9d0ef53f77",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353017",
            "to_ids": true,
            "type": "md5",
            "uuid": "d5ec418d-a03c-4323-8469-7a7cf0980e54",
            "value": "97b41d4b8d05a1e165ac4cc2a8ac6f39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352103",
            "to_ids": true,
            "type": "sha1",
            "uuid": "766cc895-3bbd-4927-8129-2881ad5a7ecb",
            "value": "0b4be96ada3b54453bd37130087618ea90168d72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352103",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8114c961-97b4-45a3-a80e-6d1068a8981a",
            "value": "3432db9cb1fb9daa2f2ac554a0a006be96040d2a7776a072a8db051d064a8be2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351619",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "599a66a2-3659-4f33-a871-5f16779058a1",
            "value": "768:K6GpjOLuaJEndu9yyCuSNrv+LVR4Lcs9m1RFyvSpQLZBkJU7YyvM05KVhLC3vR:KpYlayS6R4XsvFyv4QQJU7vR5SLCfR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351619",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5ff6d258-5082-4d03-a4a1-c6f5387a162b",
            "value": "51600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351619",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84f2fb10-fea4-4f98-99b6-27b7d9057666",
            "value": "054086651d151e55151c7iz11xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351619",
            "to_ids": true,
            "type": "filename",
            "uuid": "2921bdc9-01b0-43a3-bf41-99d439ca1584",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  21/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351619",
            "to_ids": false,
            "type": "text",
            "uuid": "efd69053-b13c-4804-ad0a-2c4d1b317bb2",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.A\nVT Total Detection:58/72\nFirst Submission:2015-11-10T07:51:42.000000+00:00\nLast Submission:2022-12-20T12:39:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353038",
        "uuid": "0fc4b39c-3111-4e6e-9cac-3ad0f8b24e9c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353038",
            "to_ids": true,
            "type": "md5",
            "uuid": "b5593a7a-d219-4c6d-a04c-55fbb8315d7a",
            "value": "1e439a13df4b7603f5eb7a975235065e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352104",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab867261-4d98-4d40-a2dd-28015b454845",
            "value": "1a86f7ef10849da7d36ca27d0c9b1d686768e177",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352104",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fc405c1e-5685-433a-aab5-a0feabe3f12f",
            "value": "7874a10e551377d50264da5906dc07ec31b173dee18867f88ea556ad70d8f094",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351641",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "edaff0a0-ae80-4723-a39e-54aa6ab01550",
            "value": "1536:PO2OFwdpwpjJb9Qk+aLkVYgm3RDcVsgzv4Hestcs:W29z4jJxcaLiYgQWsgUH7L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351641",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "011d46c9-6b62-47ec-a1d6-9dd8a18513a4",
            "value": "60416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351641",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d7e6e045-fd58-4956-933c-baa0faceb4e7",
            "value": "06406e751d1e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351641",
            "to_ids": true,
            "type": "filename",
            "uuid": "909ae02f-5718-4183-876c-27e1281a04aa",
            "value": "production.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351641",
            "to_ids": false,
            "type": "text",
            "uuid": "d261c306-142f-4d51-9e6f-404f69bfb220",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2015-07-28T11:00:27.000000+00:00\nLast Submission:2022-08-16T09:24:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353060",
        "uuid": "01926d2c-4f94-46ea-bbcc-ea7d2e312df0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353060",
            "to_ids": true,
            "type": "md5",
            "uuid": "9cea8406-5ba3-488a-aea7-b40f392844c6",
            "value": "c2fb8a309aef65e46323d6710ccdd6ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352105",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b520777b-dc93-420a-a507-6d4efde9474e",
            "value": "2c1260fd5ceaef3b5cb11d702edc4cdd1610c2ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352105",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9f462d04-ccf2-4ce3-b8df-834b5d146414",
            "value": "90ba78b6710462c2d97815e8745679942b3b296135490f0095bdc0cd97a34d9c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351663",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f38c13cc-b9b2-498f-a8b0-8fbc14a9382b",
            "value": "768:GYC/AVyOtMekwANrvtN33Mcou3GHLNFRA3VMfdY0v8IRr4B0QmMXG:s/AVLtLkt33DbwPu32fvRo0QmMXG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351663",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fefa4843-54cb-4e7a-a85c-863488ce5dfb",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351663",
            "to_ids": true,
            "type": "vhash",
            "uuid": "142b3db0-2355-4135-8dc1-65ad4e6873aa",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351663",
            "to_ids": true,
            "type": "filename",
            "uuid": "e112a44c-c6fe-4a9a-a370-b178aec4594e",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  19/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351663",
            "to_ids": false,
            "type": "text",
            "uuid": "d7db56de-2386-456b-aca7-936f3913bdbc",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win64/Phdet.C\nVT Total Detection:52/72\nFirst Submission:2015-12-30T09:36:00.000000+00:00\nLast Submission:2022-08-16T11:43:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353081",
        "uuid": "499680b1-d45e-46b8-9841-fc30e9a1a813",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353081",
            "to_ids": true,
            "type": "md5",
            "uuid": "3def0663-d5b7-4fa2-8d73-19ca16c37eea",
            "value": "e60854c96fab23f2c857dd6eb745961c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352107",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0be3da95-35b9-4330-aad0-4ffc762b6ea0",
            "value": "4bc2bbd1809c8b66eecd7c28ac319b948577de7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352107",
            "to_ids": true,
            "type": "sha256",
            "uuid": "afa31df0-b3e5-4016-9ea8-7ec515b9da13",
            "value": "244dd8018177ea5a92c70a7be94334fa457c1aab8a1c1ea51580d7da500c3ad5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351685",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b25eec85-c7d5-4397-ac78-a4cefc80eaae",
            "value": "1536:ZotE8TK/Jv20Q0Oti7SSoWArcYU5u9tly+0OazRy:yTK/Jv20FKiWpdoYU5gqOazRy"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351685",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1171d5af-8d95-4cde-a585-73fda7af992b",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351685",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a767df2c-15de-41ff-959e-57fc35e4a24c",
            "value": "06406e751d1e55151iz64xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351685",
            "to_ids": true,
            "type": "filename",
            "uuid": "a9bb5b8d-4aa6-4777-97dd-8f62f79f3490",
            "value": ".exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  27/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351685",
            "to_ids": false,
            "type": "text",
            "uuid": "9b66fee3-841f-4a9a-85af-999b042d29ca",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:60/72\nFirst Submission:2015-10-09T16:26:08.000000+00:00\nLast Submission:2022-11-27T06:11:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353102",
        "uuid": "9e76ff99-2624-416b-a2ae-8965d75a18ff",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353102",
            "to_ids": true,
            "type": "md5",
            "uuid": "1e201b5c-d8bb-42b4-ad7f-fe4ca2f10f80",
            "value": "4354d590d056df19b7b55b3d95fcfdde",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352108",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f9be0be-13f3-4da9-b000-720cde97563e",
            "value": "e5a2204f085c07250da07d71cb4e48769328d7dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352108",
            "to_ids": true,
            "type": "sha256",
            "uuid": "31f5d82e-c82e-4be6-9172-3c64cdace9a4",
            "value": "ed080c2635180f27c8d288e96c1105d0914dc1bb55917d2f5f2538fc32974aa2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351749",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1655dd35-cab2-42e7-be9b-e75f64d0bdac",
            "value": "768:ivpwhjugCxk6mm6CzSNrvO4x+97vXbBoc6x3EmzhVuZFQMHKn4vrjQs5dQdnvfHz:iwLCSFefsYzLBYx3dzoOMuUAsvWJln"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351749",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5066b8df-be73-49de-adc7-3b6d5eb4e596",
            "value": "51088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351749",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d6ceb671-78a0-4da8-bc17-c9c9b8bede00",
            "value": "0540966c051f151e15151iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351749",
            "to_ids": true,
            "type": "filename",
            "uuid": "6ae0ae24-3b97-42fa-9289-64e1c3b1700f",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  14/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351749",
            "to_ids": false,
            "type": "text",
            "uuid": "bfd83364-9566-4a21-9834-499edb61634f",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet!rfn\nVT Total Detection:49/72\nFirst Submission:2016-02-23T07:45:03.000000+00:00\nLast Submission:2022-08-15T23:45:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353123",
        "uuid": "8e1d3fc2-c183-4a19-bf7b-0a28f52825bf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353123",
            "to_ids": true,
            "type": "md5",
            "uuid": "5fa212a8-82bd-4c86-9b2f-5622b0d4b8c6",
            "value": "2cae5e949f1208d13150a9d492a706c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352109",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0be32bd2-4c1a-4d24-8b59-65dfb0f9b394",
            "value": "e1c2b28e6a35aeadb508c60a9d09ab7b1041afb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352109",
            "to_ids": true,
            "type": "sha256",
            "uuid": "861bb92b-5590-4000-bbc6-61afa3a3cf14",
            "value": "edcd1722fdc2c924382903b7e4580f9b77603110e497393c9947d45d311234bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351771",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4518cef5-f60d-4000-81f2-6574b848581f",
            "value": "1536:mww5nDEelFdND/pqpCBeuzznM6v7zkSHTg+BfQC0NSs:fIFrHnM6v7wv+BfQ3P"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351771",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4c01c5d0-294c-4093-9ebe-dcd394a8993f",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351771",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9a9cbb38-f88f-4ed9-96ac-baa80da9981f",
            "value": "06406e751d1e551519z86z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351771",
            "to_ids": true,
            "type": "filename",
            "uuid": "cd0418ad-22a2-42b8-95d1-52b5d9728473",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351771",
            "to_ids": false,
            "type": "text",
            "uuid": "d0eca10f-d151-45bb-83e0-a91d4c2ea94c",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:54/72\nFirst Submission:2015-12-30T00:30:47.000000+00:00\nLast Submission:2022-11-27T06:15:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353145",
        "uuid": "9dedb72d-15b1-4292-8f42-4691fdc7c668",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353145",
            "to_ids": true,
            "type": "md5",
            "uuid": "668d9805-051a-4297-b3e1-56bbc3836ea9",
            "value": "0037b485aa6938ba2ead234e211425bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352110",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3fd96aba-61a5-45c7-a25d-4d6189e9f040",
            "value": "c7e919622d6d8ea2491ed392a0f8457e4483eae9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drivers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352110",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3d15281f-3319-4d9b-8929-ccede4d6ee64",
            "value": "cbc4b0aaa30b967a6e29df452c5d7c2a16577cede54d6d705ca1f095bd6d4988",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351793",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9452763e-d3e7-4c51-a593-21548030db60",
            "value": "768:2YC/AVyOtMekwANrvtN33HcaUVS0mJSQk6Ob+Fmx3zztRYi:8/AVLtLkt33HctVDlZb+FQ3zztRYi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351793",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "01d48410-fdda-42c6-a373-e3fc1a708bc0",
            "value": "52112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351793",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3cdc16bb-2bb1-41b9-81ff-0ad9716220f1",
            "value": "054086651d151e55151c7iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351793",
            "to_ids": true,
            "type": "filename",
            "uuid": "23237aa4-3730-4bf2-84f1-ee58eb9d692d",
            "value": "AMDIDE.SYS"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  14/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351793",
            "to_ids": false,
            "type": "text",
            "uuid": "99dfcd6c-fbe9-4116-9ebe-a6e43ab59591",
            "value": "Drivers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.C\nVT Total Detection:58/72\nFirst Submission:2015-06-05T12:50:18.000000+00:00\nLast Submission:2022-08-16T09:27:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353166",
        "uuid": "b0fe59c3-3e03-401a-8ac4-838b92113db5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "XLS document with a malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353166",
            "to_ids": true,
            "type": "md5",
            "uuid": "723e70df-8341-43ff-b5db-93cd59a3ef17",
            "value": "97b7577d13cf5e3bf39cbe6d3f0a7732",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "XLS document with a malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352112",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6aad108e-5366-41f8-8c09-bbb00cf9065d",
            "value": "aa67ca4fb712374f5301d1d2bab0ac66107a4df1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "XLS document with a malicious macro",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352112",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f743961f-170c-4dca-84b2-b85ffece7baa",
            "value": "052ebc9a518e5ae02bbd1bd3a5a86c3560aefc9313c18d81f6670c3430f1d4d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351815",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9083b97-f86d-4b4a-82d1-0f41123f66b9",
            "value": "12288:WfghhODBvtntqnRwEtjaeIPsmx5Lgc31DH:W43ODBvtntqnRwEtOeIEmDDj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351815",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39b49b35-4413-4a74-8678-b7784dea98c7",
            "value": "734720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351815",
            "to_ids": true,
            "type": "vhash",
            "uuid": "94cce418-25d6-47d4-a65b-b2c5a8432cc8",
            "value": "c9faacb2d7cd138751c9aa37fdc96de8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351815",
            "to_ids": true,
            "type": "filename",
            "uuid": "e736b734-2cc5-43ea-ba7b-335ae358f02a",
            "value": "Blackenergy.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  18/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351815",
            "to_ids": false,
            "type": "text",
            "uuid": "e24888ce-8a0c-4417-b64f-3d1629494599",
            "value": "XLS document with a malicious macro\r\nType Description: MS Excel Spreadsheet\nMicrosoft: TrojanDownloader:O97M/Donoff\nVT Total Detection:46/64\nFirst Submission:2015-08-03T10:37:19.000000+00:00\nLast Submission:2026-01-21T09:51:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353188",
        "uuid": "4ad04afa-3580-42cd-b7fa-adedab29d444",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353188",
            "to_ids": true,
            "type": "md5",
            "uuid": "825f9527-72b6-4696-8231-74783a271592",
            "value": "abeab18ebae2c3e445699d256d5f5fb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352113",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7fc3ed7e-f2c8-4b5d-a90a-dfa22b86e860",
            "value": "4c424d5c8cfedf8d2164b9f833f7c631f94c5a4c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352113",
            "to_ids": true,
            "type": "sha256",
            "uuid": "707dbdc7-893d-4b54-a7d8-716cf79d1ff0",
            "value": "07e726b21e27eefb2b2887945aa8bdec116b09dbd4e1a54e1c137ae8c7693660",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351836",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29b9d53c-11e8-4b90-8c42-ade883454ba4",
            "value": "1536:Ghe+Kwx4YUaZ8XC68hYS6Oxw2wcW/EE5YxUg3UZBFuLLKpmUPOFA7UBMK1tk:G4+KC4YNCXC6m6v2neEE5YJ3UZEU/K1O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351836",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09ed6988-0476-41ac-92d1-9862605167e0",
            "value": "98304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351836",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cf9a37da-dfb3-4010-893d-80fc3548adbc",
            "value": "094046755d15119z3anz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351836",
            "to_ids": true,
            "type": "filename",
            "uuid": "d365e337-0535-49b6-9e45-3610d1d5b6f1",
            "value": "CPLEXE.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  28/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351836",
            "to_ids": false,
            "type": "text",
            "uuid": "037aab7a-a129-4ce6-9dbc-4d5d6a297bd7",
            "value": "Droppers\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet!rfn\nVT Total Detection:63/72\nFirst Submission:2015-03-24T09:49:54.000000+00:00\nLast Submission:2024-08-14T01:03:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353209",
        "uuid": "7e133ad6-a7cb-412e-aeae-c64fb95c460d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353209",
            "to_ids": true,
            "type": "md5",
            "uuid": "4ac706f5-0fe8-4316-b4ea-7e0a205fb690",
            "value": "1d6d926f9287b4e4cb5bfc271a164f51",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352114",
            "to_ids": true,
            "type": "sha1",
            "uuid": "441722fb-6f83-4e25-bb0c-5758655bb201",
            "value": "896fcacff6310bbe5335677e99e4c3d370f73d96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Droppers",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352114",
            "to_ids": true,
            "type": "sha256",
            "uuid": "909d38e6-1e06-4fbf-be0c-8706e31ecaf2",
            "value": "07a76c1d09a9792c348bb56572692fcc4ea5c96a77a2cddf23c0117d03a0dfad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351858",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6737f2ff-d419-42bb-8ea5-0b0ee07ce919",
            "value": "3072:ZdG47Cf/YfIMooepTY/m0XypfYI6xNZrz9Va/DBE8JIQ8yP676vWgJRQf:ZdGboIMorikpwZ7DV4DG8JI0yuzJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351858",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "feba76fd-be15-43da-a089-6f0a95991c05",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351858",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3433af00-3d74-4812-84d4-7762adb1fbb3",
            "value": "015046755555108jz57z106001cfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351858",
            "to_ids": true,
            "type": "filename",
            "uuid": "66ba0215-114c-4a54-b145-5c8b3f53ce2e",
            "value": "write"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  24/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351858",
            "to_ids": false,
            "type": "text",
            "uuid": "7e3be22a-5e49-4005-850f-86c374eb1347",
            "value": "Droppers\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/Cryptor\nVT Total Detection:60/72\nFirst Submission:2015-10-11T04:17:36.000000+00:00\nLast Submission:2024-02-06T03:08:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353230",
        "uuid": "d0075458-4108-4283-9aab-42b751bb5c14",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353230",
            "to_ids": true,
            "type": "md5",
            "uuid": "6391446e-0b56-4fe7-8740-27327e8a8a82",
            "value": "cd1aa880f30f9b8bb6cf4d4f9e41ddf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352116",
            "to_ids": true,
            "type": "sha1",
            "uuid": "50e533e3-4255-40fd-88f3-dcf9f578efaa",
            "value": "16f44fac7e8bc94eccd7ad9692e6665ef540eec4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352116",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6e083271-b384-465c-b20b-b202f843917a",
            "value": "5d2b1abc7c35de73375dd54a4ec5f0b060ca80a1831dac46ad411b4fe4eac4c6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351879",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f965f0eb-b90d-4904-8ba8-c5014d5dfe85",
            "value": "1536:Lu/ydBbJe7LkXIkTYkT+5FTd/+J85fUBGtml:aoY7LUTCTdGJOcQtml"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351879",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "877512c0-403e-4978-aa3f-3586b0b46ad5",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351879",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f165ef4c-a9a3-46eb-a5cd-82abf4bbfd6e",
            "value": "094046655d151148z7cz23z13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351880",
            "to_ids": true,
            "type": "filename",
            "uuid": "df5d6b9d-fe98-4575-9a9b-2087ea6f368a",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan: 27/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351880",
            "to_ids": false,
            "type": "text",
            "uuid": "cb6e1fd5-fcc7-4372-b96f-159a0ae0a141",
            "value": "KillDisk component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malagent!MSR\nVT Total Detection:29/72\nFirst Submission:2015-10-25T01:31:24.000000+00:00\nLast Submission:2025-01-02T20:24:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353252",
        "uuid": "0493b099-29ec-4bf9-99e5-33aad14bddcf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353252",
            "to_ids": true,
            "type": "md5",
            "uuid": "34d22371-dbea-41d6-9d70-ac118fdee2cf",
            "value": "72bd40cd60769baffd412b84acc03372",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352116",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea94bc30-39c3-42ca-b9c7-f16b5160ce8e",
            "value": "8ad6f88c5813c2b4cd7abab1d6c056d95d6ac569",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352116",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cd48e5a5-c9f5-48a4-928c-0e1e206ce431",
            "value": "f52869474834be5a6b5df7f8f0c46cbc7e9b22fa5cb30bee0f363ec6eb056b95",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351901",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c315e7d-3b18-4a6a-8f78-4d31cd227a0a",
            "value": "1536:vs/rn8gU/M3p1thokZGqKTRSpEvMfC6+iLPLvXta:5dwhURSpUMfCvirLPta"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351901",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c95fe41e-48e3-4e5c-afbb-22ec988c15c5",
            "value": "110592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351901",
            "to_ids": true,
            "type": "vhash",
            "uuid": "380f5ede-0978-4238-8d4f-44455dbb087a",
            "value": "015046655d151138z73bz23z13z1fz"
          },
          {
            "category": "Payload delivery",
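            "comment": "Name suggests a batch script, but the text attribute in this object reports Win32 EXE; do not rely on the extension when triaging matches.",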
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351901",
            "to_ids": true,
            "type": "filename",
            "uuid": "e15cc596-960a-49a1-b865-40999167c147",
            "value": "release.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan: 11/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351901",
            "to_ids": false,
            "type": "text",
            "uuid": "985a60f1-043a-4b20-b178-ef46bb53376f",
            "value": "KillDisk component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:62/72\nFirst Submission:2015-11-10T09:31:41.000000+00:00\nLast Submission:2025-01-02T20:23:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353273",
        "uuid": "f852cc79-6791-49bd-bc7d-63424d963de2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353273",
            "to_ids": true,
            "type": "md5",
            "uuid": "68056d2d-07fb-4118-9fc8-6f84adff3f8e",
            "value": "66676deaa9dfe98f8497392064aefbab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352118",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8e78679e-a655-47ce-9761-d64b38d8dcd3",
            "value": "6d6ba221da5b1ae1e910bbeaa07bd44aff26a7c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352118",
            "to_ids": true,
            "type": "sha256",
            "uuid": "34fb4764-f77d-4b45-912b-e8204e7700a4",
            "value": "11b7b8a7965b52ebb213b023b6772dd2c76c66893fc96a18a9a33c8cf125af80",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351923",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "40fc847a-953c-4a93-a191-73f588c5f17a",
            "value": "1536:48cluldXhhm0ACyX5xgrkOTJ939LE1suyZNhtaDddO5yZbQwoBBmxGtTK:G+jmaagL39A1sfNPIv+y1QwoB8gtTK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351923",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cdc1278a-275c-483d-aa5d-50ffae672b50",
            "value": "126976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351923",
            "to_ids": true,
            "type": "vhash",
            "uuid": "46010225-b80d-4c3c-a231-5279ef757f39",
            "value": "015046651d151148z7cz23z13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351923",
            "to_ids": true,
            "type": "filename",
            "uuid": "49969d8f-b1eb-4b84-96f7-145327ccdc04",
            "value": "ololo.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan: 11/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351923",
            "to_ids": false,
            "type": "text",
            "uuid": "3a2cb752-229f-4050-a618-d30b707c8e57",
            "value": "KillDisk component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Detplock\nVT Total Detection:61/72\nFirst Submission:2015-10-25T23:07:26.000000+00:00\nLast Submission:2025-01-02T20:24:49.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353295",
        "uuid": "edbbcad4-7fe5-4c9c-a8ce-ba62412720b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353295",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc217ab2-dcfa-4bb7-8652-b368d0fa166e",
            "value": "7361b64ddca90a1a1de43185bd509b64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352119",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2672d134-4b55-42e1-9e45-75b6faa8f48f",
            "value": "f3e41eb94c4d72a98cd743bbb02d248f510ad925",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KillDisk component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352119",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b731e7e7-5917-447b-a2dd-e78f44f67ee1",
            "value": "c7536ab90621311b526aefd56003ef8e1166168f038307ae960346ce8f75203d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351944",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a59435cc-212c-4f8a-b370-b8b0da6cc988",
            "value": "1536:RFFgWOBN33zBLLCJ3qpgAXb84sXyA7oi0klOEI6toKtdw:9NEJlLLzLb4I6toKtdw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351944",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bbc0d145-fe51-416b-b1ea-85c6e4052440",
            "value": "98304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351944",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6f37daf9-b60f-4447-8eb3-800d0e34d9fa",
            "value": "094046655d151088z6dbz23z13z2fz"
          },
          {
            "category": "Payload delivery",
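            "comment": "Common file name; expect unrelated matches if used alone, so pair it with the hashes in this object. The text attribute in this object reports the file as Win32 EXE, not a script.",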
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351945",
            "to_ids": true,
            "type": "filename",
            "uuid": "51c566dc-e2eb-4ec9-b218-9ace5c4dfb72",
            "value": "main.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan: 11/08/2025 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351945",
            "to_ids": false,
            "type": "text",
            "uuid": "14e9b9f4-3809-46fd-907c-b1e14eb819fa",
            "value": "KillDisk component\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/KillDisk.M\nVT Total Detection:61/72\nFirst Submission:2015-12-23T22:34:19.000000+00:00\nLast Submission:2022-08-16T14:04:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353317",
        "uuid": "34afc062-0319-45cc-8a3e-98785c2d3102",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353317",
            "to_ids": true,
            "type": "md5",
            "uuid": "98d754d6-4e7c-472c-b572-2d8917b06506",
            "value": "0af5b1e8eaf5ee4bd05227bf53050770",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352121",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3479c5c8-eb06-4bfc-be1c-90671403091a",
            "value": "72d0b326410e1d0705281fde83cb7c33c67bc8ca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352121",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f38fa7a6-ec58-4298-b67e-f7d43f978bb5",
            "value": "b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351966",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "09b17f22-b2b3-47da-b271-1dec4e4dee7d",
            "value": "3:jaPFEm8nhmCeRoakvugo/XKVhZotkqQBhKVhLXqFGpBlypB3gWA:j6NqhmCOoLvugoXOfAk1hKVd6kNiqWA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351966",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b52b71d-d5ef-4b25-925a-6de45475c07a",
            "value": "165"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351966",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3d08642f-0d60-442b-ab08-a52ca66bbe16",
            "value": "d1750ea90596bb4e7cd6479d6b7d019e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351966",
            "to_ids": true,
            "type": "filename",
            "uuid": "7ce19653-69aa-4af3-b686-a95068abb3a0",
            "value": "Blackenergy_b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan: 27/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351966",
            "to_ids": false,
            "type": "text",
            "uuid": "1bceab97-b2fb-4e10-a80f-85a051efe8db",
            "value": "Trojan\r\nType Description: VBA\nMicrosoft: Trojan:VBS/Dorbear.A\nVT Total Detection:30/62\nFirst Submission:2015-10-13T10:51:25.000000+00:00\nLast Submission:2024-05-08T19:26:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772353339",
        "uuid": "6392f6d0-3261-4c29-8d2c-9550ae23bfdf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772353339",
            "to_ids": true,
            "type": "md5",
            "uuid": "f290905d-2763-4eb8-a030-cfb33d00bf18",
            "value": "fffeaba10fd83c59c28f025c99d063f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772352122",
            "to_ids": true,
            "type": "sha1",
            "uuid": "232455b1-4092-4fc6-91c6-b2ad3c5688e5",
            "value": "166d71c63d0eb609c4f77499112965db7d9a51bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Trojan",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772352122",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eb77896d-07c4-4f94-ac84-08a026fef276",
            "value": "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772351988",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cdc9903a-5feb-4ad7-8918-3ddd134b46d0",
            "value": "3072:eJsQ8wmYajbs0mokp8XzsQmfp1543sDEinXPedm6NKe0j7Z39f2m9TEsngIpRN:xLHjPmokpCqO8r6n4Tnh5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772351988",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "37f0e2ec-f028-4521-a4d4-f12dfa8ccb9d",
            "value": "303152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772351988",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f914948c-cbf1-4306-9c03-9de03eee7a91",
            "value": "0350d76d555c0d1515551bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772351988",
            "to_ids": true,
            "type": "filename",
            "uuid": "488b40fc-9a2c-4c41-a9f6-d09b5cc16a18",
            "value": "\u6709\u6548\u8ca0\u8f09.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  03/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772351988",
            "to_ids": false,
            "type": "text",
            "uuid": "44d27a10-1f4a-4442-97e1-5ec808414241",
            "value": "Trojan\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dorbear.A\nVT Total Detection:57/72\nFirst Submission:2015-06-25T09:16:03.000000+00:00\nLast Submission:2025-01-21T03:03:43.000000+00:00"
          }
        ]
      }
    ]
  }
}