{
  "Event": {
    "analysis": "1",
    "date": "2024-12-17",
    "extends_uuid": "",
    "info": "[Threat Intel] ICS Threat Analysis: New, Experimental Malware Can Kill Engineering Processes",
    "protected": false,
    "publish_timestamp": "1772423952",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772423947",
    "uuid": "933551cf-0c5a-40bb-8ea8-20b5247a57c0",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Ramnit\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#f6810a",
        "local": false,
        "name": "ICS-capable",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772369475",
        "to_ids": false,
        "type": "link",
        "uuid": "2bcf22c4-f53a-4f67-99a0-89ae390d3865",
        "value": "https://www.forescout.com/blog/ics-threat-analysis-new-experimental-malware-can-kill-engineering-processes/",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Ramnit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394499",
        "to_ids": true,
        "type": "domain",
        "uuid": "4f081c71-5eaf-449e-87dd-77c420a356c7",
        "value": "432i.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Ramnit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394521",
        "to_ids": true,
        "type": "domain",
        "uuid": "45330a14-c4e0-43b9-9573-8bfed0dcb167",
        "value": "az-security.info",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Ramnit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394542",
        "to_ids": true,
        "type": "domain",
        "uuid": "e29b8927-afc5-4b6d-b9e7-c4682b07977b",
        "value": "0g0d.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Ramnit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394564",
        "to_ids": true,
        "type": "domain",
        "uuid": "a02b466a-736b-41de-a5e6-fd2fd86d89b1",
        "value": "grpaper.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Discord web hook in the first iteration of Chaya_003",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772423945",
        "to_ids": true,
        "type": "url",
        "uuid": "28af0cab-7b72-4f06-9bd8-cbf0ce3d5250",
        "value": "https://discord.com/api/webhooks/iamawebhookfrfr/69696969",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Discord web hook in the second and third iterations (ID only; this value carries no token)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772423947",
        "to_ids": true,
        "type": "url",
        "uuid": "484b6bea-9d46-4f84-a7cf-bcb2e27ed289",
        "value": "https://discord.com/api/webhooks/1291410641793454080/",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Possibly associated with the creators of Chaya_003",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394628",
        "to_ids": true,
        "type": "domain",
        "uuid": "5faa82ec-374c-4f00-9cc2-6d2bf21104c8",
        "value": "x86assembly.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Possibly associated with the creators of Chaya_003",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772394649",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9fbd3422-ce8c-4aa7-8adf-2f405d986f68",
        "value": "198.185.159.144",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394671",
        "uuid": "cc961319-92a7-4976-86d6-b040b9ad1edc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ramnit-infected executable of Mitsubishi GX Works (Microsoft detection: Virus:Win32/Ramnit.P)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394671",
            "to_ids": true,
            "type": "md5",
            "uuid": "c5418656-0129-434d-8551-43d568d6bc80",
            "value": "617ee2ab7f47f3af917e96aa343f905d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ramnit-infected executable of Mitsubishi GX Works (Microsoft detection: Virus:Win32/Ramnit.P)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394151",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b0ce0b4b-90e0-49a3-9dbc-0e4d053c1d3b",
            "value": "1dae1485d7a0a73833bd7811bb6d2b44906a5b1c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ramnit-infected executable of Mitsubishi GX Works (Microsoft detection: Virus:Win32/Ramnit.P)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394151",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3f8573a-be58-4402-8cbf-b2826390fe00",
            "value": "703f0aac78d388f1fbe3800697015d092fa70cea2c01f22f456c8b1aa20a2334",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393324",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0347b4eb-e30d-4a15-9999-dfc44f47d4d9",
            "value": "3072:BFiow3gePmLoi8d9berO6UOpPi2FRuWyu3VwTccls:+LU8d9berO6biKutuWo+s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393324",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "42fbad63-08a4-4c9b-b1be-d7a58dd5bfa4",
            "value": "291252"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393324",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f4b7f09c-2b74-4c4d-85dc-b0f94e01d7eb",
            "value": "025056555d151e707013z11zd7z301bz55z12z181z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393324",
            "to_ids": true,
            "type": "filename",
            "uuid": "2fb92cc5-8b8f-47e1-9faf-7944ada1e65b",
            "value": "617ee2ab7f47f3af917e96aa343f905d.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  25/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393324",
            "to_ids": false,
            "type": "text",
            "uuid": "768b3fda-3477-4e17-a1c0-1bfdbb5b2827",
            "value": "executable of Mitsubishi GX Works\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Ramnit.P\nVT Total Detection:67/72\nFirst Submission:2024-09-07T22:00:09.000000+00:00\nLast Submission:2024-09-07T22:00:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394692",
        "uuid": "f21fc2d2-0709-43a8-aa0a-324c301786f8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394692",
            "to_ids": true,
            "type": "md5",
            "uuid": "4f8622f1-ebd0-4d99-adcb-2469ba0fb872",
            "value": "a76ebfae063c9112c40ad34063d2474e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394152",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba586753-3117-4ac1-9c52-aca66e272155",
            "value": "870361c5843cef92184f7a8fa93dfd7c6acf1b44",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394152",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a51f7648-4f8c-4f0a-94a0-eae00e2122c5",
            "value": "1b8957804dfa7324d10bf6d7ca22fc038951ab57ab1e6838da9c63ad057c1d20",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393346",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6efa4bbc-6704-4831-a95b-c72dc692bbf6",
            "value": "6144:kpcJRObwoYspAil0/l9sU1SWvFdacOdAac:kpcCbwoYs2i+9HSW9dluU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393346",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0eb09a70-522e-4762-be79-2a1921a177f7",
            "value": "258048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393346",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e5d26eaa-4540-4a98-b914-a2398d2f242f",
            "value": "125066655d15156e703013z100129z2bzbaz110f4"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  13/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393346",
            "to_ids": false,
            "type": "text",
            "uuid": "e5a95a54-dfaa-4afa-a6d7-85c771ef2362",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:66/72\nFirst Submission:2024-10-18T13:04:31.000000+00:00\nLast Submission:2024-10-18T13:04:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394714",
        "uuid": "43f9628f-ff78-4377-b964-90d6455f4d33",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394714",
            "to_ids": true,
            "type": "md5",
            "uuid": "431b58ca-30af-4918-add8-5f0785d5a8cf",
            "value": "b70c02a9a95afa230a73345558910565",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394153",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b9290eff-d70e-49f7-b8f3-222b74f91f0b",
            "value": "5bdf3ad07816bc25b58867ab3144d70e5337eca5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394153",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3ca56e61-4b9e-46cd-91b0-7f5faa983006",
            "value": "5b63ca75f95dc549729bb6261e9dc22f6425547584366188770507bd964221b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393367",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "521d7cfb-3b67-4f9d-a4fe-cab7d7aba02e",
            "value": "3072:71zy+qqdt1BH+sEldP5elmMVhwaPWvq2dacCPuuZLAada:7NVb11OvFdacOdAac"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393367",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1d6569cf-7741-4cfa-a41b-fc2e0f318787",
            "value": "208896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393367",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f44515ec-9c2b-422b-84d3-5f952b2259bc",
            "value": "125066655d15155e7035z10016mz12az17075"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393368",
            "to_ids": false,
            "type": "text",
            "uuid": "faebf7a1-5f63-4d71-9d49-107f6f25bfda",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:63/72\nFirst Submission:2024-10-18T16:39:01.000000+00:00\nLast Submission:2024-10-18T16:39:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394735",
        "uuid": "7f70bd74-7553-463b-ac45-27909ecc8d05",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394735",
            "to_ids": true,
            "type": "md5",
            "uuid": "10423497-2458-4b5a-9e5f-1be0e93c6a40",
            "value": "bbaa50bed8d4cc2fd3d2c92d364e9df4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394154",
            "to_ids": true,
            "type": "sha1",
            "uuid": "527b95b1-715a-4c8a-92b4-32030e2052a7",
            "value": "9cdf1eca10fc74dcb1849a8bd9f139bbc0847300",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394154",
            "to_ids": true,
            "type": "sha256",
            "uuid": "795ac87a-f4d5-4c26-821e-11578676cc8f",
            "value": "5ec05f903cc94d559b8eb23aa749805b78de2845bd2317017bc8e50cdceb613f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393389",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "85687fd7-d2e4-4d3e-936e-ac889d4f6d31",
            "value": "6144:fdLBOS/IhfBzAr0K7K7tSbKt68Re8r0R7oJTGnne0rRMS5:FLIDArk/kneVq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393389",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3427e291-335c-4385-b92d-ed501d8ee7b7",
            "value": "335872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393389",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5ea4db6e-54cb-425e-8faa-70a0bf93f187",
            "value": "135066655d15155e703032z16001b7z206az39az20177"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan: 13/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393389",
            "to_ids": false,
            "type": "text",
            "uuid": "767def93-3186-4227-a9c6-0af064530ffa",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:65/72\nFirst Submission:2024-10-18T16:41:00.000000+00:00\nLast Submission:2024-10-18T16:41:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394756",
        "uuid": "e148112c-ce5a-4e3e-ae80-066c608413ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394756",
            "to_ids": true,
            "type": "md5",
            "uuid": "825e8717-ed8d-4c1d-8879-bf5d2f90ab59",
            "value": "856bf67eadb7f1cb7ff60279f083328e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394155",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a7e7d320-127d-49f8-8169-f11aa157621b",
            "value": "4cec4a0dc5be56b07c1ac4503fdce2e75506d017",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394155",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f80a4101-f274-49d8-8262-15fb3cd335d3",
            "value": "69eb2b940ba1fc7bc46699eeb3ff11d921683609f636efae05c0cb796b588a38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393411",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7742b624-9fcb-4371-a742-9f4db63c82dc",
            "value": "3072:Vy7qL6E56iJFtMy64ArrjSxuxPVBvq2dacCPuuZLAada:VVt56yXwuxutvFdacOdAac"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393411",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aec1753f-86ff-4f7b-b645-94e9c749e14f",
            "value": "180224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393411",
            "to_ids": true,
            "type": "vhash",
            "uuid": "079b8a9c-5a26-4aeb-a980-59e9d0f76bae",
            "value": "115066655d15155e7038z12#z1506a"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan: 28/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393411",
            "to_ids": false,
            "type": "text",
            "uuid": "1be329fc-ab31-404b-b73c-7de402f532f2",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:65/72\nFirst Submission:2024-10-18T14:46:30.000000+00:00\nLast Submission:2024-10-18T14:46:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394778",
        "uuid": "38641470-f475-4e1c-91e3-5845d2b450b0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394778",
            "to_ids": true,
            "type": "md5",
            "uuid": "04fe9aa2-e7ec-461c-aa5a-a95ecb814f4e",
            "value": "e1a36c6e5a05ec1d792acec7def0c6fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394157",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dc14ab3e-5283-4187-b810-2299ff50531a",
            "value": "7cc8013168f3e2dc186fb6bc75bca6aef8a54e58",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394157",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1113e4c8-6b59-40e4-b1de-db15b75877a3",
            "value": "8b585155cdc7fcbe3d2fa169b307756557ef0d69afb392726f577a73f11d5a97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393432",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "32106595-1a56-4e36-9639-d8e3d2c86484",
            "value": "3072:gDIHFaQogZ5thstMkdm0qPuBTsWfBrokP29:gDIHh98yFWfFoke"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393432",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e21ba7c9-5477-42ae-b3f6-2ad0f0eb36b9",
            "value": "131072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393432",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d69383bf-57da-49f2-8a1a-e27ecf8de828",
            "value": "115066655d15155e7038z11nz2bzf017"
          },
          {
            "category": "Payload delivery",
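            "comment": "Filename only; a weak indicator on its own. The file is detected as Virus:Win32/Ramnit.A, so this name may belong to an otherwise legitimate DLL - match it together with the hashes in this object.",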
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393432",
            "to_ids": true,
            "type": "filename",
            "uuid": "5194d9b1-bf4b-49e1-8fac-3ba0d8afbdb2",
            "value": "GD2ComUICheck.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan: 13/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393432",
            "to_ids": false,
            "type": "text",
            "uuid": "fee127e0-3f8d-44de-ab01-f89632bab1cb",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:65/72\nFirst Submission:2024-10-19T15:04:18.000000+00:00\nLast Submission:2024-10-19T15:04:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394800",
        "uuid": "3b3872d9-62cf-4138-a1f2-ca1aebcc2aeb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394800",
            "to_ids": true,
            "type": "md5",
            "uuid": "1b9e36e1-b23e-47e7-8663-ab31f0d0d4aa",
            "value": "f470a0c437accc0b65a41f71bc787e13",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394158",
            "to_ids": true,
            "type": "sha1",
            "uuid": "346aacfa-b91b-4546-8fca-865846826948",
            "value": "9556cff1d10f6ccefd0ab919ecd5377f9056980c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394158",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3b747cfd-11fa-41f7-bbd1-dce3e94d1f72",
            "value": "a1d721db0583eed0077bb8ab542ff15a806d24e2dbf13557b12842bd49995354",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393454",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8e8581b7-bbb9-4a04-8733-5fa0986938f4",
            "value": "6144:THINzH5TYYbURxubXvhRAq5KaZWlyPJhjwcQeblehzpHK8m3+6eb6dwSfnYon4Vp:THIrTYYbCx+X5RAq5KaZWlwJhjwcQebw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393454",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e88be3e7-87fd-4c45-b9b0-2ae9e94032dd",
            "value": "274432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393454",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9000e889-6639-4466-916b-164752c131e5",
            "value": "125066655d15156e7035z200119z1bzeaz18055"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan: 13/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393454",
            "to_ids": false,
            "type": "text",
            "uuid": "726bde64-8315-4f54-8217-0a764051af6b",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:66/72\nFirst Submission:2024-10-18T15:03:17.000000+00:00\nLast Submission:2024-10-18T15:03:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394822",
        "uuid": "4d8a2c87-df5c-4f6d-bcb6-9e2b657260d3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394822",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4929581-afca-45d5-8baa-8243a8756de3",
            "value": "bcb33eea79291f2ac625d0e2d06c461d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394159",
            "to_ids": true,
            "type": "sha1",
            "uuid": "07e0e5dd-e8ce-4ee7-b257-df1d6e14e6cf",
            "value": "7f14d5fccb492295ce96f9263ff69d8ac274e794",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394159",
            "to_ids": true,
            "type": "sha256",
            "uuid": "20e7ff12-9145-42ba-a471-332c1d2c6c4f",
            "value": "ad5922bcc740e5761a708c526d023450ca278168ebcefaaf80f85815d6d6d24e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393476",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6403233a-8bc1-4498-b41d-97c8383dfbff",
            "value": "6144:HpyRJE3TTfMk4GgwQFNHj5GiMhT4/vFdacOdAac:HwRSDTfMk4GgrTHj5qhT4/9dluU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393476",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "00941973-87cc-4083-bd16-4f8713c8b5a7",
            "value": "339968"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393476",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8e16562e-206f-414a-8ce3-68b6f2a3583b",
            "value": "135066655d15155e7035z20011nzeaz1c0fd"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan: 13/02/2026 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393476",
            "to_ids": false,
            "type": "text",
            "uuid": "87d1ff46-a718-47a5-8ba2-bfee88293ab2",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:67/72\nFirst Submission:2024-10-19T15:09:25.000000+00:00\nLast Submission:2024-10-19T15:09:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394844",
        "uuid": "44c8eb2e-df01-47fc-bdba-02656959903d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394844",
            "to_ids": true,
            "type": "md5",
            "uuid": "160daa78-45d7-4d9e-96cf-3440748cfbb4",
            "value": "0f5d53fc15762a966e8c5ead271e0960",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394161",
            "to_ids": true,
            "type": "sha1",
            "uuid": "60e50714-4027-44cf-b4ab-fcd12a3e4788",
            "value": "fd81716626c152071258b49dfda3eff0da34ebb1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394161",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dfd6d95e-4c74-411a-b57d-d13208e33b88",
            "value": "c1826e0d310a6a02f2ee1b5d88b6c0dd48baa8fe1dd99447e98e42c4ca023c96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393497",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "29ee3373-965d-4003-b844-c3a0cc2c91cb",
            "value": "24576:YkIA7FKGwDTJeWakjAc2UbJjdabZkXlZdNB6z43rORNKFNTJ489dlj:YkItbuoBdy2dz6z43rORNKFNt48Vj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393497",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "076fbb1b-c0f3-4f40-a9fa-592e8f060c5e",
            "value": "1282048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393497",
            "to_ids": true,
            "type": "vhash",
            "uuid": "db5a4397-260a-414a-b4a0-acba3889209e",
            "value": "116066655d15155e7075z200357z40d5z20300227z30024cc8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393497",
            "to_ids": true,
            "type": "filename",
            "uuid": "96c0c63d-52c1-4094-8d60-8ee375f97d23",
            "value": "c1826e0d310a6a02f2ee1b5d88b6c0dd48baa8fe1dd99447e98e42c4ca023c96N"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  13/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393497",
            "to_ids": false,
            "type": "text",
            "uuid": "761f3723-5d1e-46f7-acd7-ee39588c5e2d",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:67/72\nFirst Submission:2024-10-27T00:07:25.000000+00:00\nLast Submission:2024-10-27T00:07:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394865",
        "uuid": "9402e5a4-232c-48a2-bdad-13d261d37367",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394865",
            "to_ids": true,
            "type": "md5",
            "uuid": "e71127c9-b8bf-4568-a705-309a05cfbbaa",
            "value": "4933a93f7ed1c571e2b1064e9064c846",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394162",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b79da7d8-f13d-43b0-a2d0-f6a0b4430ca9",
            "value": "21170242c7910587918238bfe29fb477f38b2dd3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLLs associated with the same executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394162",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2a776836-5561-4493-9824-2c1893b2c971",
            "value": "fd8558b8a4165ebb47f120fa237c2ada306c430ae4cb2109eb644fd8b0b82b15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393519",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a744d7b0-8ae4-42cf-a473-2c161bf87064",
            "value": "1536:tF4iaRs8zgvDVI8O2dasBDy2aPu0qWw8vEgA2Fbda:tFzj8zgvq2dacCPuuZLAada"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393519",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1b8c8e40-d51e-4635-9cc3-01e36907a9b9",
            "value": "81920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393519",
            "to_ids": true,
            "type": "vhash",
            "uuid": "24285091-ce25-4980-9d3d-99f2f18d9b66",
            "value": "184066655d15155e7az1&zc023"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  25/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393519",
            "to_ids": false,
            "type": "text",
            "uuid": "2aa25890-fbc0-4262-b87c-a243334ca804",
            "value": "DLLs associated with the same executable\r\nType Description: Win32 DLL\nMicrosoft: Virus:Win32/Ramnit.A\nVT Total Detection:66/72\nFirst Submission:2024-10-18T17:01:25.000000+00:00\nLast Submission:2024-10-18T17:01:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394887",
        "uuid": "cf563cf1-922e-4ad0-a147-fa8eab891719",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ramnit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394887",
            "to_ids": true,
            "type": "md5",
            "uuid": "1e3a03ca-7d01-4fa9-9b20-45be110ed711",
            "value": "ff5e1f27193ce51eec318714ef038bef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ramnit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394163",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c598098d-9b92-4a17-8815-8418cb333445",
            "value": "b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ramnit",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394163",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b5f5dd8c-d2a5-43e3-bf0d-8f32503f6930",
            "value": "fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393541",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a4d18872-c9f4-49c6-9e6b-e3228463217d",
            "value": "1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393541",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a78ce3c8-8d62-4ad5-b632-c63cb158c703",
            "value": "56320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393541",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2dd774b8-2fc4-471c-8a78-529bf149149b",
            "value": "05403e0f7d1bz6hz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393541",
            "to_ids": true,
            "type": "filename",
            "uuid": "122a3e17-7f22-409a-b235-6159c41b8194",
            "value": "nedwp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  25/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393541",
            "to_ids": false,
            "type": "text",
            "uuid": "85299816-5fcb-4f72-81fb-d4e7bde766dd",
            "value": "Ramnit\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Ramnit!pz\nVT Total Detection:67/72\nFirst Submission:2010-07-30T21:00:35.000000+00:00\nLast Submission:2026-02-26T12:11:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394909",
        "uuid": "b2c45cdf-a1f7-4e88-82ae-87a28b1913e8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 first iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394909",
            "to_ids": true,
            "type": "md5",
            "uuid": "9e91dff1-0526-4ecb-b891-2e20bd8c713d",
            "value": "0a0d4c0246f99cdf78ee9ad8e00add71",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 first iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394165",
            "to_ids": true,
            "type": "sha1",
            "uuid": "abeec593-e139-4bdb-90c6-20ce7b896ff4",
            "value": "c1430ceb6d4daf7431a2c104739fb66a2033b118",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 first iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394165",
            "to_ids": true,
            "type": "sha256",
            "uuid": "45c82c94-9bfc-49ea-ad60-f459fe60b8fb",
            "value": "b16a67f49ce5aa057236d2bff3e1ab2dcc2c6d3f2551e4520f54e125b2e289d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393562",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "99cba4a9-f9de-4878-be79-2f9f95c547f9",
            "value": "3072:mIyPMiUHXeVPEMIBUhoLFI+K+WlVNhhq+JGCI1Cld/gKTe5:q0BXwMxUCa+K+wVEPrv5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393562",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f2180cc-ecdb-483b-8e5f-083489ad7e2a",
            "value": "117760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393562",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b12d699f-3514-4004-9118-627ec2622041",
            "value": "015046655d156az4d!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393562",
            "to_ids": true,
            "type": "filename",
            "uuid": "d594ccfa-b695-488c-81d3-61e6efdcdd4b",
            "value": "test.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  25/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393562",
            "to_ids": false,
            "type": "text",
            "uuid": "0544e565-939d-4186-9f34-2d714a612158",
            "value": "Chaya_003 first iteration\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:45/72\nFirst Submission:2024-10-03T15:52:53.000000+00:00\nLast Submission:2024-10-03T15:52:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394931",
        "uuid": "ba86475a-e85b-4e75-bec3-da8bbcd7955f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 second iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394931",
            "to_ids": true,
            "type": "md5",
            "uuid": "4978f6be-9a0d-4ec8-be3a-4cea9b02f157",
            "value": "eda591bf4b82d55f9f90765825e02200",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 second iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394166",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cf75c6cd-5492-489c-9f76-2dfd63256f19",
            "value": "b73b9dbe2da672f57a12647cf06501af377791f5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 second iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394166",
            "to_ids": true,
            "type": "sha256",
            "uuid": "48faf1e5-d1dc-4f8a-b99a-d979793430f7",
            "value": "517e35b32c4a1dedb155bbd208422cd5c5d34b5ec378712b7e8182fd26473c7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393584",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd69fea8-fe0f-4045-80b3-4c58dfb29195",
            "value": "3072:ud4Etsu/ELvFpBtfSDNPy2NDq4PJeGiBFNjNSbHWosU/h/u1n:uzpmFpvq11DdqFJ85/u1n"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393584",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "91a2f910-5ae1-40fa-a491-e00fd2993038",
            "value": "124416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393584",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0af786d9-53e5-40bc-8d03-ca6fb43f7e14",
            "value": "015046655d156az4fnz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393584",
            "to_ids": true,
            "type": "filename",
            "uuid": "2d1c573f-29e6-45e2-a187-0d421d5253ab",
            "value": "Isass.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  01/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393584",
            "to_ids": false,
            "type": "text",
            "uuid": "831f6d84-7794-401c-a72c-5d31893d9d2d",
            "value": "Chaya_003 second iteration\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:47/72\nFirst Submission:2024-10-04T14:42:41.000000+00:00\nLast Submission:2026-01-08T17:00:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394952",
        "uuid": "8cd48f7a-2868-4f61-99af-62cfe7ead777",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 third iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394952",
            "to_ids": true,
            "type": "md5",
            "uuid": "9020f904-6bf5-445b-a0e2-974417648a7d",
            "value": "bf086ff4b12afa0ca593b77c0d02fd15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 third iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394167",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1bbd4b01-0594-42e9-bc7e-631956a0356f",
            "value": "cb7f96e3c3a22e1221f5ac3061adad4090e3e097",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Chaya_003 third iteration",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394167",
            "to_ids": true,
            "type": "sha256",
            "uuid": "293b7349-a627-4a37-94e5-036d106b833e",
            "value": "9579c6987ac8969d0b0cc0cc2a9da3b034fac41525d96fa79fa02d05813e70f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393606",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3e858965-6399-4a11-acd6-161b0f1cb0f4",
            "value": "3072:IZYImjtQxFSPCG3bnLVngmtzB8K3hPNSg7MirQ/zH/JqwwA5:M9utQfSPJLJnRn8u51toq9A5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393606",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "efe716ab-3d41-46d8-98de-c87fd22012ab",
            "value": "119808"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393606",
            "to_ids": true,
            "type": "vhash",
            "uuid": "648eea7e-4c00-45cc-aa48-725db55a611c",
            "value": "015046655d156az4enz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393606",
            "to_ids": true,
            "type": "filename",
            "uuid": "1413b674-7236-4aba-9d36-be65e8f99386",
            "value": "elsass.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  13/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393606",
            "to_ids": false,
            "type": "text",
            "uuid": "2a229e99-3d38-47cd-b6d4-c980e5ed0903",
            "value": "Chaya_003 third iteration\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:44/72\nFirst Submission:2024-10-04T19:39:31.000000+00:00\nLast Submission:2024-10-04T19:39:31.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772394974",
        "uuid": "f3669ca2-16bb-4985-90b4-a8729c0b8966",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772394974",
            "to_ids": true,
            "type": "md5",
            "uuid": "aeb9b467-f994-4077-9831-d59087f10d3b",
            "value": "cc23029c4a9f58ca896863ae768792de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772394168",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8ebfc55f-d46d-44da-ae70-fe2204172b44",
            "value": "1377a188d2d0faf1f698cb020a2b5b6d04771fe8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772394168",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c4898b0-e0c7-404d-b925-d40715fa499a",
            "value": "1f1035b91db1264eb94aa055cdb50f35f0c27744e77e74b7031e099b112a5837",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772393628",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cccbbbae-5eb3-46dc-8f8b-ce44808d365e",
            "value": "49152:2cAXYhzNzVF/SlU95qTS+0wRMXDr4zsq5:XfNzVF/SlU/dwRMXDr4zsq5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772393628",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77bfd125-715e-4dd9-807d-172724109056",
            "value": "2583814"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772393628",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7269ac1-2db5-489b-bdce-726b82cb6150",
            "value": "0261276d1555555c0d1d1az394flz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772393628",
            "to_ids": true,
            "type": "filename",
            "uuid": "b4eec6e8-a175-46c7-a754-791c189ae4bf",
            "value": "demobox.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 02/03/2026\nLast-scan\t:  03/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772393628",
            "to_ids": false,
            "type": "text",
            "uuid": "dbef3c31-4e6a-47ad-9d68-aa2907c9f06f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:13/73\nFirst Submission:2024-10-11T20:23:49.000000+00:00\nLast Submission:2024-10-11T20:23:49.000000+00:00"
          }
        ]
      }
    ]
  }
}