{
  "Event": {
    "analysis": "1",
    "date": "2016-10-01",
    "extends_uuid": "",
    "info": "[Threat Intel] BLACKENERGY \u2013 WHAT WE REALLY KNOW ABOUT THE NOTORIOUS CYBER ATTACKS",
    "protected": false,
    "publish_timestamp": "1772419750",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419748",
    "uuid": "7af3faec-22b0-42be-9b4b-fefa49f9fb66",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"ESET\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BlackEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814373",
        "to_ids": false,
        "type": "link",
        "uuid": "d953dc31-1f84-4f6b-87b4-e8be76f43f7a",
        "value": "https://www.virusbulletin.com/uploads/pdf/magazine/2016/VB2016-Cherepanov-Lipovsky.pdf"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814394",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "eb2e5bd4-9696-48c4-85f4-684e905e7df7",
        "value": "CVE-2012-0158"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814394",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "ef4efd8a-1dbd-41c4-b636-bbb0fedbf821",
        "value": "CVE-2013-3906"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814426",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "b7b7a54c-f56a-46cc-832b-09c9b3ffb214",
        "value": "CVE-2014-4114"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814426",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "a8cc103a-e11d-4c2a-ba43-df112b777ee3",
        "value": "CVE-2008-3431"
      },
      {
        "category": "Payload delivery",
        "comment": "Exploits. No sample in VirusTotal.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848169",
        "to_ids": true,
        "type": "sha256",
        "uuid": "bfaa0da9-ddea-4eaf-9335-27d6ae4e6b22",
        "value": "4ae76b5abf77b3589031e435ebe034a33e0888f369513d4a84592196c3c13d9c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Exploits. No sample in VirusTotal.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848170",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ca6d3a5a-b950-4552-bb6e-b31157ec4b60",
        "value": "eb4e5923dce5e2906bb51a4ae0b536f42c5659caed2cd991f23f6c91fa38a188",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Exploits. No sample in VirusTotal.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848171",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2c7c3be5-0e76-462a-97a3-bbdffd97049e",
        "value": "15f42698829d169ab783f799615e7e14eef7658f354534e0fb79814a9ab7cf4d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Nmap scanner. No sample in VirusTotal.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771848173",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5017137a-ac5b-470e-8639-7b7267401c8f",
        "value": "5cb4147c6fe72ba3782cc6c2bc0b1da69d5576b2e993c6c3649b0488e2364472",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848175",
        "uuid": "58d1fc1d-b5db-4b78-8bcb-4ceee7431c31",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Exploits",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848175",
            "to_ids": true,
            "type": "md5",
            "uuid": "e09e3d83-5e98-4ae4-a13a-a42c4d9fa72d",
            "value": "00a6681e0814c58577ed863f78f83623",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exploits",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848161",
            "to_ids": true,
            "type": "sha1",
            "uuid": "14d23ddb-2656-4497-957b-1e3a52a07acb",
            "value": "4e459ff437368d6b9d6c964251078937efe10cc2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exploits",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848161",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0fa6a0fe-3e70-4ba2-8c29-ab3d55f04b8c",
            "value": "38531caeb2c314487714e4ce7a5b9791b67e7aa8693fe12e33a585afd5313fc5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771847924",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f9d45df1-65cd-429a-80fc-0dd659588ca1",
            "value": "6144:3yMS2A7xm+O5P/Vs4nwA9+Bn7XpnwazTNsCL+3I4Z5uWGR8RUYpj/qbS3VR/PBya:H6mLc6EXtwG9+YI5+ROfcCz/mSQEDLX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771847924",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ce2ef91e-34c9-453a-b4e1-d3145743f9f6",
            "value": "716833"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771847924",
            "to_ids": true,
            "type": "vhash",
            "uuid": "56d4de28-8874-40c4-92dc-be7996ea7c5b",
            "value": "748537afe0adc5065e9d2200dfbce3ee"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771847924",
            "to_ids": true,
            "type": "filename",
            "uuid": "340bfde1-94b3-4b13-8f5e-9f2a27964277",
            "value": "vti-rescan"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  10/12/2019",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771847924",
            "to_ids": false,
            "type": "text",
            "uuid": "863b522b-130d-4737-a2dd-e611ae55805a",
            "value": "Exploits\r\nType Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:35/61\nFirst Submission:2013-11-20T12:30:59.000000+00:00\nLast Submission:2018-05-05T23:52:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848197",
        "uuid": "84ef2a3c-a594-430d-80df-343c4feebc90",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848197",
            "to_ids": true,
            "type": "md5",
            "uuid": "97fb8ea1-9899-4b39-a842-6ec4cfc13193",
            "value": "975bec1a27cd77461c8fb5796e9ce617",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848163",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1e565bde-12e3-4b3f-85f3-e258fd7dc187",
            "value": "cb548682027a7c3f840e99a9ad76eab9495074f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848163",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5dfc0786-380c-4c05-8afc-7029ef72759e",
            "value": "554d284c533231466a79d798334ae3212f4efa30637b055e26842209cb5b24c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771847988",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd80df84-c59a-4876-8baa-7aff57011d63",
            "value": "12288:L6vwSJYJetkS1ySMPMsHh/M3DDirbOKrFJfPNb3PHbrNNo/axMzu:Ls7kSkMsB/MorNNo/axMzu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771847988",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ebbd7545-3c56-493a-bcea-422c5e2c0013",
            "value": "442368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771847988",
            "to_ids": true,
            "type": "vhash",
            "uuid": "986aff29-e8fb-4c6d-b3ef-c044b89a5386",
            "value": "a6e370efc126e65bbee7f9a6a0a251fe"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771847988",
            "to_ids": true,
            "type": "filename",
            "uuid": "5210dfa5-ffb0-4d1f-ab7c-631f2a3cc0aa",
            "value": "mobilisation_Z29zcF9jZGFAa2JwLmtpZXYudWE=.pps"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771847988",
            "to_ids": false,
            "type": "text",
            "uuid": "57bf4127-a13a-435e-8bda-b7eb16dbc36d",
            "value": "Malicious document\r\nType Description: MS PowerPoint Presentation\nMicrosoft: None\nVT Total Detection:30/63\nFirst Submission:2016-02-04T14:06:10.000000+00:00\nLast Submission:2016-04-13T16:22:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848218",
        "uuid": "d128a84a-5f3c-435c-9e2a-9382bb26a303",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848218",
            "to_ids": true,
            "type": "md5",
            "uuid": "97ec30ab-7bc8-4262-85f3-160d48a3e974",
            "value": "9cf5a50226af02b3e5afac0113fde7a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848164",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c1f00c5e-73e8-420a-9f6e-07862ff7be43",
            "value": "4431632fa4b4f042fbb6b7442efcb41dbbf43322",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848164",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7fc12cea-cf99-4179-b87a-c25101beb228",
            "value": "2cd03d202e02d6b3e6715924ba5e6e1b5c29b87840c78354764c659dc46173ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771848010",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e59496cb-1ecf-467c-9763-359075c31c0b",
            "value": "6144:cZ+RwPONXoRjDhIcp0fDlavx+W26jAdb7KX3v15JJJJJJJJJJJJJJJJJJJJJJJJA:LuXNSJXA1GK"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771848010",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9514e457-a247-42d5-82c4-2c4119ead717",
            "value": "326144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771848010",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e9faca80-e991-463c-9be2-1b692a022b11",
            "value": "a430630092e854d87916075d149b0f78"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771848010",
            "to_ids": true,
            "type": "filename",
            "uuid": "3eb6f44d-c0b4-4fb3-a0b5-761fff2fd155",
            "value": "\u0417\u0430\u0433\u0430\u043b\u044c\u043d\u0438\u0439 \u0434\u043e\u0432\u0456\u0434\u043d\u0438\u043a \u0414\u041f \u0410\u041c\u041f\u0423 \u043d\u0430 23 07 15.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  03/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771848010",
            "to_ids": false,
            "type": "text",
            "uuid": "653f1ea8-121c-4dd6-9a97-76465aad86fe",
            "value": "Malicious document\r\nType Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/Aptdrop.H\nVT Total Detection:32/64\nFirst Submission:2016-04-26T06:39:14.000000+00:00\nLast Submission:2016-04-26T06:40:12.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848239",
        "uuid": "a636e90c-bd12-4978-beea-c39cbafe9de3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848239",
            "to_ids": true,
            "type": "md5",
            "uuid": "7cf49d9f-5bdf-4646-92b7-21e42bcc4a8a",
            "value": "07219b6aced30b29b4e85e07219f6af5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848165",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0aa6b13a-5079-4b39-8d52-23df2f415d16",
            "value": "cb92ae3eb364897af03ec0b6c6c8a935abfd880e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848165",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db486e69-5e92-4840-bb98-25a253b1a139",
            "value": "969e9156c3ed97f56e3f2c9a7b372ed193a4ed7add74af533955b1482a3bb519",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771848032",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f6b9b3e-0aa8-460f-ad6b-d530e2f1e571",
            "value": "12288:Qc6rl6jPDOzOupPX25v2p8aGzpHlDCfLEbg:ZMl6jPDOzOupPX25v2p8aGzui"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771848032",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c4fd11cc-e970-4be5-b7ef-7ef8dbaf6a58",
            "value": "796672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771848032",
            "to_ids": true,
            "type": "vhash",
            "uuid": "718ac929-949c-4ab1-af35-e132d995d845",
            "value": "a430630092e854d87916075d149b0f78"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771848032",
            "to_ids": true,
            "type": "filename",
            "uuid": "6ef5bf39-db96-4c0d-9a31-40cb36ec2404",
            "value": "Investing_Plan.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 21/10/2020",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771848032",
            "to_ids": false,
            "type": "text",
            "uuid": "8082445e-60a9-4df9-abd2-57b8a7ad6bfe",
            "value": "Malicious document\nType Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/Aptdrop.H\nVT Total Detection: 33/61\nFirst Submission: 2015-12-10T13:48:51.000000+00:00\nLast Submission: 2016-01-08T19:07:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848261",
        "uuid": "a814ea53-24c6-4018-98e2-63006c48551c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848261",
            "to_ids": true,
            "type": "md5",
            "uuid": "61337f54-607e-4adf-a59e-a69bb8f8a0b3",
            "value": "afacdd0dab2fd9f981c5bfff9b60930a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848167",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7da0bc97-04a5-4503-83b0-c1a3b9092ae8",
            "value": "11f94d9af3eec7754a06d2e8ff8ccc04d157b5ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Malicious document",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848167",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7e1ffc32-a409-4a45-90a3-51f93f1a54ba",
            "value": "3e843f2973e6a1486a04cc980a14b9e3ebd19b5d3ad5e2d45828239e543c784e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771848053",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2cd5bbe4-36b8-4aa3-a054-73f8545fac73",
            "value": "24576:teNqJqtGHw/M6HrhLdoetUR4BocQ3APxdOzCaETI9br:te8qIHw/M6HrhLdoetUR4BocQ3YYP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771848053",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4276244e-83ec-4d69-9a00-115d90f3d145",
            "value": "986112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771848053",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9da40f76-9be0-44ce-b38f-580087c7de3e",
            "value": "5ed70fcceae71b50373a81fbe4bd2e22"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771848053",
            "to_ids": true,
            "type": "filename",
            "uuid": "533e4bcc-9fda-4d62-8162-c70dfdd027f6",
            "value": "\u0414\u043e\u0434\u0430\u0442\u043e\u043a_1.xls"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 04/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771848053",
            "to_ids": false,
            "type": "text",
            "uuid": "49de46d4-61b1-4aff-8755-adea9e29241a",
            "value": "Malicious document\nType Description: MS Excel Spreadsheet\nMicrosoft: TrojanDropper:O97M/Aptdrop.H\nVT Total Detection: 35/63\nFirst Submission: 2015-04-23T09:30:28.000000+00:00\nLast Submission: 2016-12-21T06:55:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848282",
        "uuid": "fae6cf72-5709-4068-b17b-f6412a97934e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Custom DSEFix",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848282",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ff62a8a-f19f-4584-820d-cbdc3871e47f",
            "value": "a6c129937bf68ee3e2fa7a1b1911841e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Custom DSEFix",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848167",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5785073b-0aaf-47cf-b043-8bb8be9456ae",
            "value": "2b1e8befaa792b2c35996395ecbae6001b20023e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Custom DSEFix",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848168",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f91fc7b9-0777-4e2d-96dd-325d1bdc7fb3",
            "value": "bc190e0533c4f75f3e303979be21c06c40b3f6ceec86071a46692c3d85370772",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771848097",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1a78ddab-7799-4968-8c3a-7067cad81025",
            "value": "3072:DlFDuPEP6TgWtXAnVjrelB8zT9xUgV3d38uezp0U9vgLA6DUOOO:RFDuO6Tg8XAVjrUBs9Zd3XeLvg03O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771848097",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ec3f4c70-7cd3-44b8-8851-18dd61da8380",
            "value": "289792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771848097",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7faf5647-0c6c-4d04-afcc-d364df425f92",
            "value": "025086551d551d1d051510f8z5a7z5047z11z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771848097",
            "to_ids": true,
            "type": "filename",
            "uuid": "c0539294-4f2b-4b8a-bf6b-d93458b96004",
            "value": "dsefix.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 26/01/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771848097",
            "to_ids": false,
            "type": "text",
            "uuid": "6362b287-f731-453c-811d-b96591575a1c",
            "value": "Custom DSEFix\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection: 3/71\nFirst Submission: 2015-06-25T07:50:03.000000+00:00\nLast Submission: 2016-01-06T12:57:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771848304",
        "uuid": "90d95128-7a68-4708-87f6-1f67482f25aa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771848304",
            "to_ids": true,
            "type": "md5",
            "uuid": "3a31ebbc-8503-41dc-b783-637d12262284",
            "value": "fffeaba10fd83c59c28f025c99d063f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771848169",
            "to_ids": true,
            "type": "sha1",
            "uuid": "983b982b-cf3b-4dc2-911c-637b107763c2",
            "value": "166d71c63d0eb609c4f77499112965db7d9a51bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Win32/SSHBearDoor.A",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771848169",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0a6903c8-1181-4ec7-8982-3615fd5a2d15",
            "value": "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771848119",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f52fa8e8-c281-4721-86b0-d9553089f5c8",
            "value": "3072:eJsQ8wmYajbs0mokp8XzsQmfp1543sDEinXPedm6NKe0j7Z39f2m9TEsngIpRN:xLHjPmokpCqO8r6n4Tnh5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771848119",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7697aeb2-eef9-432f-b1fb-81b965883efa",
            "value": "303152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771848119",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5c913214-d466-43ea-b020-6d50987e66fc",
            "value": "0350d76d555c0d1515551bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771848119",
            "to_ids": true,
            "type": "filename",
            "uuid": "0167f745-e1e5-414a-bed9-4a4be8a7394b",
            "value": "\u6709\u6548\u8ca0\u8f09.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan: 03/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771848119",
            "to_ids": false,
            "type": "text",
            "uuid": "a99d5af6-e23f-4fd8-8bdc-daa87587741a",
            "value": "Win32/SSHBearDoor.A\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dorbear.A\nVT Total Detection: 57/72\nFirst Submission: 2015-06-25T09:16:03.000000+00:00\nLast Submission: 2025-01-21T03:03:43.000000+00:00"
          }
        ]
      }
    ]
  }
}