{ "Event": { "analysis": "1", "date": "2017-10-20", "extends_uuid": "", "info": "[Threat Intel] Dragonfly: Western energy sector targeted by sophisticated attack group", "protected": false, "publish_timestamp": "1772419779", "published": true, "threat_level_id": "2", "timestamp": "1772419777", "uuid": "8d2fb70e-3149-4ef3-be81-4160444cb137", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Symantec\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"ENERGETIC BEAR\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Switzerland\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"Dragonfly 2.0\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#f6810a", "local": false, "name": "ICS-capable", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771885477", "to_ids": false, "type": "link", "uuid": "c7d50362-50a0-4434-97a3-f77ceecf76f2", "value": "https://www.security.com/threat-intelligence/dragonfly-energy-sector-cyber-attacks" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771889846", "to_ids": true, "type": "url", "uuid": "092c3c27-6f03-4d71-ac5c-f4f7ed059239", "value": "http://103.41.177.69/A56WY", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771889868", "to_ids": true, "type": "url", "uuid": "52aad572-ea2b-481e-a00f-a99bbcc60587", "value": "http://37.1.202.26/getimage/622622.jpg", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:24/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771889844", "to_ids": true, "type": "md5", "uuid": "ec805766-c0d2-4f5d-a4d5-adc7c0be151c", "value": "765fcd7588b1d94008975c4627c8feb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771889889", "to_ids": true, "type": "ip-dst", "uuid": "85e86859-f9f1-4c38-aca0-12ba33d2825d", "value": "184.154.150.66", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771889911", "uuid": "cf095414-4fdd-48d4-8f38-ed534523c278", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771889911", "to_ids": true, "type": "md5", "uuid": "8edaecff-c949-4215-bcc5-9ecc286deb0e", "value": "b3b5d67f5bbf5a043f5bf5d079dbcb56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889835", "to_ids": true, "type": "sha1", "uuid": "039a806a-efdf-4c17-9a1f-844f240bf653", "value": "c7eae6cd08d0601223b641745f078dffce285066", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889835", "to_ids": true, "type": "sha256", "uuid": "430c9a68-840f-4394-9c17-8ca8ddfe6725", "value": "cee4211af96df184236e816ab0b11d95d1075148299a29719fcd9675b2714426", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889646", "to_ids": true, "type": "ssdeep", "uuid": "86c664bb-396f-46eb-b7db-bb5ec0e401c3", "value": "768:QRCfDUNMlhMxhJNW3YHo7YAoEDjAnXTcK8ZU9qZU93mTOPggf:I+D3M3a4o7Y1ozpJ2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889646", "to_ids": false, "type": "size-in-bytes", "uuid": "fe2b8cbe-c2d7-406d-808e-530db6387baa", "value": "87040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889646", "to_ids": true, "type": "vhash", "uuid": "8dbd0db9-0dd5-4065-9a54-7eec60872b8a", "value": "084056655d15156az36mz11fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889646", "to_ids": true, "type": "filename", "uuid": "5963c0f4-7b04-49f3-bd21-f377e6ab40fe", "value": "b3b5d67f5bbf5a043f5bf5d079dbcb56_RGDCKKWmCBLJlNsLeyO.eXE" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 16/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889646", "to_ids": false, "type": "text", "uuid": "33083f8c-73e4-4130-811d-a132bbbdbd8c", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Meterpreter.gen!C\nVT Total Detection:55/72\nFirst Submission:2016-08-05T02:01:00.000000+00:00\nLast Submission:2023-01-16T08:07:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771889932", "uuid": "3381bb7c-c958-46fb-83d2-f93f7c3ac6a6", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771889932", "to_ids": true, "type": "md5", "uuid": "3ec7eb89-7de4-475d-9c6a-2c76685a6d58", "value": "1560f68403c5a41e96b28d3f882de7f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889837", "to_ids": true, "type": "sha1", "uuid": "cb61be43-0f59-4b20-96c8-0607eb4687a2", "value": "95db15c67b48945237af7de61f3dbab92c99edd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889837", "to_ids": true, "type": "sha256", "uuid": "a27ab686-5eaf-403c-906c-7a630ea5d8f6", "value": "28143c7638f22342bff8edcd0bedd708e265948a5fcca750c302e2dca95ed9f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889667", "to_ids": true, "type": "ssdeep", "uuid": "d66f427e-a4f8-4e1f-be03-704b973b740d", "value": "1536:D1QQQtU42UHZCoK9aIteYtsDyFDXGoDT6CkbaJrLoMr:D1QQQtVVZafDdT6v07" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889667", "to_ids": false, "type": "size-in-bytes", "uuid": "4e504a36-2750-4abd-8d02-5bc3c1751a0e", "value": "77824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889667", "to_ids": true, "type": "vhash", "uuid": "b1d54243-3453-40f7-9f3e-a2e2e45f3be7", "value": "074075145d1d065d1d7bz3!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889667", "to_ids": true, "type": "filename", "uuid": "1dc38a94-031c-4273-b8f8-45e6e4b1e36c", "value": "stservice.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889667", "to_ids": false, "type": "text", "uuid": "1c7b13b2-a809-4b55-a1db-46a864c068fe", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Banload\nVT Total Detection:61/72\nFirst Submission:2016-09-05T18:30:02.000000+00:00\nLast Submission:2023-07-04T07:04:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771889953", "uuid": "400fa66f-b9bb-4180-89dd-c5252036be74", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771889953", "to_ids": true, "type": "md5", "uuid": "95eb7f2b-cde1-4fc9-b12f-3d539f6540f2", "value": "e02603178c8c47d198f7d34bcf2d68b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889838", "to_ids": true, "type": "sha1", "uuid": "a5d27077-59b8-49e4-9122-2a8ce8e665d0", "value": "d6ef3e457819425bf9524e8a7070f3fcf21c3ad5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889838", "to_ids": true, "type": "sha256", "uuid": "5f76abf1-4e77-44c6-9b3e-09b4d0fb98c1", "value": "b051a5997267a5d7fa8316005124f3506574807ab2b25b037086e2e971564291", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889689", "to_ids": true, "type": "ssdeep", "uuid": "3385cb4c-c1a2-4a8c-98c2-e5127cf2a3f9", "value": "24:tuMWu0SmlsnYnRlfI4GSR2n0KN3RSxIllTIjzm/mO7/kqOyt2:tuMLvnSRxI4GSINhg6qjCAF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889689", "to_ids": false, "type": "size-in-bytes", "uuid": "6bd00f5e-327b-45f1-9438-02fffbcc34ce", "value": "13824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889689", "to_ids": true, "type": "vhash", "uuid": "b946c24e-7298-4e15-a504-e67684071c64", "value": "11402e1d101;z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889689", "to_ids": true, "type": "filename", "uuid": "aa8f5955-d56d-48a6-98ca-611aa3971a6e", "value": "~tmp132356.dll" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 16/06/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889689", "to_ids": false, "type": "text", "uuid": "8ba81381-7bb8-4b89-86dd-fdf3f1b170df", "value": "Type Description: Win32 DLL\nMicrosoft: TrojanDownloader:Win64/Banload\nVT Total Detection:55/74\nFirst Submission:2016-09-17T21:04:05.000000+00:00\nLast Submission:2021-11-26T15:30:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771889975", "uuid": "2807ff47-39d8-44c4-ac2a-db27beb22304", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771889975", "to_ids": true, "type": "md5", "uuid": "a0f2b894-ae44-4a53-9aa4-b929430f87c6", "value": "da9d8c78efe0c6c8be70e6b857400fb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889839", "to_ids": true, "type": "sha1", "uuid": "3835c63e-d714-4bf9-92b2-220be770395c", "value": "cd9519127efcc9a65068befe17ae038c94085358", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889839", "to_ids": true, "type": "sha256", "uuid": "9406a4f3-dd23-4289-bd7f-7070b5ea7828", "value": "fc54d8afd2ce5cb6cc53c46783bf91d0dd19de604308d536827320826bc36ed9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889711", "to_ids": true, "type": "ssdeep", "uuid": "f7b11456-9203-4b0e-bd13-a5cef98009e2", "value": "384:O1ek0+3pUZy5zdcfbg93aASRLxZH4bQhQq0i2TqjO2of/EDHKb0nuHBzP+fYCWgN:O1ewpmjGKlZHFhb2TH3EDqAnyhfCl1J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889711", "to_ids": false, "type": "size-in-bytes", "uuid": "a2acf307-8fe6-4c86-b870-ccffba6982ad", "value": "35840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889711", "to_ids": true, "type": "vhash", "uuid": "513f5e2b-eed4-4c57-ae19-322bc6deedf1", "value": "034056655d15555az49hz13z1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889711", "to_ids": true, "type": "filename", "uuid": "39cf1b37-cedf-40ed-9b0b-4e9acb9000e4", "value": "test" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 03/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889711", "to_ids": false, "type": "text", "uuid": "773a048c-602f-44ea-9c52-316987971e20", "value": "Type Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Banload\nVT Total Detection:38/73\nFirst Submission:2017-06-21T03:00:07.000000+00:00\nLast Submission:2023-01-16T07:08:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771889996", "uuid": "b4612aa5-396e-4a20-9db2-830a21bea9fd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771889996", "to_ids": true, "type": "md5", "uuid": "726b3ec2-d358-4464-a701-00fa458f4103", "value": "a4cf567f27f3b2f8b73ae15e2e487f00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889840", "to_ids": true, "type": "sha1", "uuid": "b673fbe0-dcd6-461a-8450-2867618f6f4a", "value": "4f2faef3d65099c19d617df73af5119dd719240c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889840", "to_ids": true, "type": "sha256", "uuid": "247d528e-9b6d-40c8-8f57-aba3afab320b", "value": "178348c14324bc0a3e57559a01a6ae6aa0cb4013aabbe324b51f906dcf5d537e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889732", "to_ids": true, "type": "ssdeep", "uuid": "cec9daf6-9f50-460c-a826-07225cf52a2d", "value": "24576:1St2XEkBL7H3PN8D+5dJhZw6GnuUtiNG0a:tXEkBLDCAfcuUM5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889732", "to_ids": false, "type": "size-in-bytes", "uuid": "8a6bb4b4-8391-47d9-a7e6-fd0794e4115b", "value": "889856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889732", "to_ids": true, "type": "vhash", "uuid": "299dd905-7682-499f-9451-103bace274ad", "value": "085066655d15555551e3z22z921z3061z2011z53z11z3fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889732", "to_ids": true, "type": "filename", "uuid": "6e6b2eb2-c29f-4d3c-a660-160d00de23d2", "value": "a4cf567f27f3b2f8b73ae15e2e487f00_PtaeiMUGMNEaFwm.Exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 06/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889732", "to_ids": false, "type": "text", "uuid": "b0712927-6e80-42ed-8e2e-37fc392c2b68", "value": "Type Description: Win32 EXE\nMicrosoft: HackTool:Win64/Mimikatz.A\nVT Total Detection:60/72\nFirst Submission:2017-04-06T08:53:19.000000+00:00\nLast Submission:2023-01-16T08:12:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771890018", "uuid": "b1a47e4d-11c5-4951-9257-833bec917650", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771890018", "to_ids": true, "type": "md5", "uuid": "57d40ab6-55a8-4f0b-9cdf-cf0a834bfa29", "value": "141e78d16456a072c9697454fc6d5f58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889841", "to_ids": true, "type": "sha1", "uuid": "407d4e1f-0177-444c-866f-21574eea2ea2", "value": "eff5e2a3ac471a1b5ecdf51a72e003a82c350506", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889841", "to_ids": true, "type": "sha256", "uuid": "ba8e9e8f-e7aa-42fb-851a-7fd1f89cb633", "value": "c272a2d96aefdef746f983e7f8720792e8a6dee97a766a651dc55f70f605b23d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889775", "to_ids": true, "type": "ssdeep", "uuid": "1f9afc09-d6f9-4e18-9864-6c0b697487c4", "value": "3072:5IfTAcmXvMJyydcOE1ZcbK+EpWxKItqRzAdCTDLTBw:u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889775", "to_ids": false, "type": "size-in-bytes", "uuid": "694ebe14-0bd8-49d1-b216-32d6b4fba1e1", "value": "140919" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889775", "to_ids": true, "type": "vhash", "uuid": "a42e7cc2-248f-4ba0-9738-2659f556291a", "value": "1ca19d7e57f6bbd1ca89858cf39ba7e3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889775", "to_ids": true, "type": "filename", "uuid": "75ecaaf4-47c9-40a4-a81d-13b7c29ee8e3", "value": "141e78d16456a072c9697454fc6d5f58-cve-vt31" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 12/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889775", "to_ids": false, "type": "text", "uuid": "365f8031-51e0-4828-b858-f449c5eea182", "value": "Type Description: Office Open XML Document\nMicrosoft: Trojan:Win32/Groooboor\nVT Total Detection:21/68\nFirst Submission:2016-04-28T14:50:11.000000+00:00\nLast Submission:2023-05-11T09:45:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771890039", "uuid": "2c5344de-028d-4012-a70c-71c88eab2c56", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771890039", "to_ids": true, "type": "md5", "uuid": "86a29ddc-0f4b-4092-a3b6-2cadf7eb2ba1", "value": "db07e1740152e09610ea826655d27e8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771889842", "to_ids": true, "type": "sha1", "uuid": "0654efb7-25c3-43c4-9307-c1258636bb5c", "value": "793986fb79bc66807e28f233b52efa7c315862c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771889842", "to_ids": true, "type": "sha256", "uuid": "2b56af86-a205-4f5c-8dc6-2a8429da917d", "value": "2f159b71183a69928ba8f26b76772ec504aefeac71021b012bd006162e133731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771889798", "to_ids": true, "type": "ssdeep", "uuid": "7a03bd11-445e-4874-a1bd-089c6638b924", "value": "96:hDrKygLnAhjMbU7wUNsJzzrNXKyysV5d0b:hDmyg3w77Ns5nNaEK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771889798", "to_ids": false, "type": "size-in-bytes", "uuid": "3e4872d0-9448-443c-b362-7bd9227654cb", "value": "20480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771889798", "to_ids": true, "type": "vhash", "uuid": "a9493457-9416-4f30-9b09-c417388f4b60", "value": "2240361515160c191z10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771889798", "to_ids": true, "type": "filename", "uuid": "ce8a5673-b6aa-4e0d-bf4e-e31ac40a608e", "value": "screen.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771889798", "to_ids": false, "type": "text", "uuid": "fcdc5cb8-3f1e-43f0-aa8f-41d91f393606", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Groooboor\nVT Total Detection:51/71\nFirst Submission:2017-09-11T16:47:44.000000+00:00\nLast Submission:2023-01-16T06:46:13.000000+00:00" } ] } ] } }