{
  "Event": {
    "analysis": "1",
    "date": "2022-04-12",
    "extends_uuid": "",
    "info": "[Threat Intel] Cyberattack by the Sandworm group (UAC-0082) on Ukrainian energy facilities using the malware INDUSTROYER2 and CADDYWIPER (CERT-UA#4435)",
    "protected": false,
    "publish_timestamp": "1772424899",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772424893",
    "uuid": "79dd7b67-1679-45e1-9db0-2a71b37c3637",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"CERT-UA\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Sandworm\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"CaddyWiper\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Energy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772331407",
        "to_ids": false,
        "type": "link",
        "uuid": "9afb74c8-431c-4910-85d6-8b76d9de7cb1",
        "value": "https://cert.gov.ua/article/39518"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772350572",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e5e515a0-3bf5-411a-b456-9ca137dd0aa4",
        "value": "91.245.255.243",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772350593",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1af91de0-4c90-4c52-bec1-9d7a883c7a52",
        "value": "195.230.23.19",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772337647",
        "to_ids": false,
        "type": "link",
        "uuid": "e28c832c-2131-42c1-9cf5-ad35b922994c",
        "value": "https://www.securonix.com/blog/industroyer2-caddywiper-targeting-ukrainian-power-grid/"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772350615",
        "uuid": "2e58f04f-f45f-48b7-9677-7f557223b105",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772350615",
            "to_ids": true,
            "type": "md5",
            "uuid": "ab3b14ca-9ee1-444f-96ce-93b11df950b0",
            "value": "73561d9a331c1d8a334ec48dfd94db99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772349584",
            "to_ids": true,
            "type": "sha1",
            "uuid": "77bf94c2-45e3-421d-b792-2e03a4f2ee25",
            "value": "3cdbc19bc4f12d8d00b81380f7a2504d08074c15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772349584",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2740b3eb-84e7-4158-aaf2-f0917616911e",
            "value": "bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772349334",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "14d853a3-a7ff-4e49-8921-4418c5083e60",
            "value": "192:jNhE21baNxtrilGAL4WDnEHgCyLslERTJx+f4:jNS4OxtOlTE6EAJsp4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772349334",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4600e1d2-1d12-4eb7-9dcc-0e98b5d7692b",
            "value": "10046"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772349334",
            "to_ids": true,
            "type": "filename",
            "uuid": "dd029e16-77b1-4170-bd62-8c3c60743c19",
            "value": "bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99.sh"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2026-02-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772349334",
            "to_ids": false,
            "type": "text",
            "uuid": "ab6d5e2f-11d6-4bbf-9f0d-052281d30bc6",
            "value": "Type Description: Shell script\nMicrosoft: Trojan:Linux/ShellAgent.AC!MTB\nVT Total Detection:34/62\nFirst Submission:2022-05-04T04:52:12.000000+00:00\nLast Submission:2025-06-28T09:24:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772350636",
        "uuid": "695d2d5d-24ef-458d-8422-f895ba16a266",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772350636",
            "to_ids": true,
            "type": "md5",
            "uuid": "fa6c19e1-8172-4ab1-9102-e0c7e889256f",
            "value": "9ec8468dd4a81b0b35c499b31e67375e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772349585",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ad8a1c38-1d8f-4ae0-90e7-4c5297fc446a",
            "value": "6fa04992c0624c7aa3ca80da6a30e6de91226a16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772349585",
            "to_ids": true,
            "type": "sha256",
            "uuid": "890b1e57-6a0a-4d4a-9a6d-3afab42a005d",
            "value": "cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772349398",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d0e6b310-e838-4b14-98ef-9afab4a7bebf",
            "value": "12288:CpCB9AVqhPDUHvOdO21ai1m2Y+o1mQR5LaVfnkBUxarLIN8Wah5/wodPdv7PVTFe:Cp12UPQkBUO/B5/lzTVTFH+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772349398",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3facadd3-13bd-41a6-a253-8e35209aa52a",
            "value": "639488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772349398",
            "to_ids": true,
            "type": "vhash",
            "uuid": "83ff6fa0-a230-4996-8bd0-7ea7a99e403b",
            "value": "065046655d1565z12z7d7z5023z95z14z1c7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772349398",
            "to_ids": true,
            "type": "filename",
            "uuid": "cc4fc5eb-8079-4361-b63b-b8e199dc26f5",
            "value": "cda9310715b7a12f47b7c134260d5ff9200c147fc1d05f030e507e57e3582327.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2026-02-11",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772349398",
            "to_ids": false,
            "type": "text",
            "uuid": "a4562d90-e9f4-4175-97a6-46cea4000ac5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/AprilAxe.B!dha\nVT Total Detection:59/72\nFirst Submission:2022-04-11T17:14:03.000000+00:00\nLast Submission:2025-12-15T13:19:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772350658",
        "uuid": "4dbb1f50-ae7f-401d-8af7-906cf809953b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772350658",
            "to_ids": true,
            "type": "md5",
            "uuid": "8adc54ea-c9d6-4826-8981-ceff2d20823d",
            "value": "1938380a81a23b8b1100de8403b583a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772349586",
            "to_ids": true,
            "type": "sha1",
            "uuid": "59ba1903-1b60-46ca-a356-ab422a3125d7",
            "value": "9ce1491ce69809f92ae1fe8d4c0783bd1d11fbe7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772349586",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5f655a03-6b28-416f-8d7e-5b1682fc01e2",
            "value": "1724a0a3c9c73f4d8891f988b5035effce8d897ed42336a92e2c9bc7d9ee7f5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772349420",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2a72ea3a-123e-49de-a4b7-c2cc5dd7d1a1",
            "value": "96:6vWh+Y890aCVtXugDPkriXR4RmGM+nqi3nr/:6T0VduD4tG9r/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772349420",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "de102276-2056-435a-86c8-4e84243ebe9d",
            "value": "3734"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772349420",
            "to_ids": true,
            "type": "filename",
            "uuid": "80d2d0e2-6b57-4988-96f3-36c6c7bc3b50",
            "value": "1724a0a3c9c73f4d8891f988b5035effce8d897ed42336a92e2c9bc7d9ee7f5a.unknown"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2026-02-09",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772349420",
            "to_ids": false,
            "type": "text",
            "uuid": "821fcdb4-1b32-48ad-a285-5285e1f5f0f9",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:30/62\nFirst Submission:2022-04-11T17:15:15.000000+00:00\nLast Submission:2026-02-26T01:17:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772350680",
        "uuid": "bd8adcf6-cf65-4f68-9d10-49c13d685e3c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772350680",
            "to_ids": true,
            "type": "md5",
            "uuid": "6227acad-5142-4e36-8d8d-d931e5f930d3",
            "value": "b63b9929b8f214c4e8dcff7956c87277",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772349587",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7ae85d2-22b0-4ff6-b2a6-8425842c90be",
            "value": "13aa2b7c1dad663462efc0a88d64770d2bc5dc4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772349587",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6735b1c3-0efc-4121-a9e6-2d23a4a92212",
            "value": "fc0e6f2effbfa287217b8930ab55b7a77bb86dbd923c0e8150551627138c9caa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772349441",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "455c5ebf-84ae-4aa4-8bad-243162df94e7",
            "value": "48:73BnC4rIH1VDDmQXv63wlBCIijlnKDMDAclNH4MgE4fLRhvtvmRUSU1uMeLCu8lH:D5kHfrCCCIsK4scnwjfLRttqkjrZo6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772349441",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b71eb9f1-0426-447f-8b90-e5ef4b01122c",
            "value": "3734"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772349441",
            "to_ids": true,
            "type": "filename",
            "uuid": "7c278380-1665-42d2-8d96-f414e12f9157",
            "value": "435425___852ad4d0-093f-4749-a872-099fe00d1d02.dat"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2026-02-26",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772349441",
            "to_ids": false,
            "type": "text",
            "uuid": "919f986e-65c6-4866-85f9-6e29635a0622",
            "value": "Type Description: MS Compress\nMicrosoft: DoS:Win32/CaddyWiper.B!dha\nVT Total Detection:23/63\nFirst Submission:2022-04-12T20:55:55.000000+00:00\nLast Submission:2024-09-18T06:19:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772424864",
        "uuid": "12a3aad6-3457-4b9a-94b9-df44abe2beb3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 2026-03-01",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772424864",
            "to_ids": true,
            "type": "md5",
            "uuid": "695907f1-8ab2-44fe-986b-18a2dae6f04f",
            "value": "fbe32784c073e341fc57d175a913905c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 01/03/2026",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772424864",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a58cd18f-2854-4c30-9670-f01ead4a11bc",
            "value": "43d07f28b7b699f43abd4f695596c15a90d772bfbd6029c8ee7bc5859c2b0861",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772424880",
        "uuid": "45843bff-3f4d-47bb-8f8d-138e568b623c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 01/03/2026",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772424880",
            "to_ids": true,
            "type": "md5",
            "uuid": "7a6c8915-a39a-4a44-9ea9-efe6f1bd3455",
            "value": "97ad7f3ed815c0528b070941be903d07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 01/03/2026",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772424880",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2e1a651d-da93-47f6-bdd7-fab0c41f628a",
            "value": "87ca2b130a8ec91d0c9c0366b419a0fce3cb6a935523d900918e634564b88028",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772424893",
        "uuid": "8e82a2c4-e5ab-4e90-b2dc-2e549522be38",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 01/03/2026",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772424893",
            "to_ids": true,
            "type": "md5",
            "uuid": "16a89735-3058-4987-8de2-69850049ef72",
            "value": "3229e8c4150b5e43f836643ec9428865",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "No sample in VirusTotal\r\nLast check: 01/03/2026",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772424893",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0e2bdbc1-b4fc-4b02-8743-0f74ad1ba4d3",
            "value": "7062403bccacc7c0b84d27987b204777f6078319c3f4caa361581825c1a94e87",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          }
        ]
      }
    ]
  }
}