{
  "Event": {
    "analysis": "1",
    "date": "2016-06-02",
    "extends_uuid": "",
    "info": "[Threat Intel] IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems",
    "protected": false,
    "publish_timestamp": "1772419496",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419494",
    "uuid": "a46eea22-de83-40b8-a2a9-f53ebfc17443",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Mandiant\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#f63636",
        "local": false,
        "name": "ICS-specific",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-assets=\"Control Server\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771813806",
        "to_ids": false,
        "type": "link",
        "uuid": "6c9afa68-3e79-4d74-9f26-fb0b4b9992bb",
        "value": "https://cloud.google.com/blog/topics/threat-intelligence/irongate-ics-malware"
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller artifacts for update.exe2. No sample in VT.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814525",
        "to_ids": true,
        "type": "md5",
        "uuid": "608aa2b3-fe51-4bb1-95b1-b2a859bb34fa",
        "value": "eda021acaca81ae99e39eccda0163295",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller artifacts for update.exe2. No sample in VT.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814526",
        "to_ids": true,
        "type": "md5",
        "uuid": "07b84b1d-9544-4e0f-91f2-d946c7ae845d",
        "value": "9b588adb1d0ae72ceb4051031fd1f1f3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller artifacts for update.exe2. No sample in VT.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814527",
        "to_ids": true,
        "type": "md5",
        "uuid": "861afe63-b999-466f-9b4e-bd0df9a88eac",
        "value": "ec07a5ecb182960777007afe2c077a1d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller. No sample in VT.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814528",
        "to_ids": true,
        "type": "md5",
        "uuid": "e62262c7-3721-4b0d-97bd-3ff5470a4180",
        "value": "026bc58300de02455937cef46405f065",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "PyInstaller. No sample in VT.\r\nLast check: 23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814528",
        "to_ids": true,
        "type": "md5",
        "uuid": "5c7568f2-e04c-4a79-b423-39fd81b2098b",
        "value": "a79596bcca537fa3fa45037f4855fd00",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771814529",
        "to_ids": true,
        "type": "md5",
        "uuid": "a7ce278b-dc2f-4c10-8deb-fbe46f8b8945",
        "value": "41906403206ea5c7dcdbfae230add9fa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814532",
        "uuid": "9e7d14e2-c04e-4552-bce1-f1938e538cd3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814532",
            "to_ids": true,
            "type": "md5",
            "uuid": "53a6332f-5784-4233-86e2-500358bbc027",
            "value": "957581fb38a4e76e84f60e2bb19b9499",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814514",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6cc65265-1cd2-484c-afcd-ed28c5f5455a",
            "value": "8fb1cafbb8ca65c1b8236a20079c40fb4ffbaa68",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814514",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7e7a21b-6c48-468a-85ac-614f0d2f78e4",
            "value": "ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814270",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e448e2b8-056e-47a8-9cc0-f32e2f409536",
            "value": "98304:5MGtTsl+6misxzYmaKZMoFfSbqgGEGPfx1cdfabXHAFev:5btJ1z9fFspAPclwXAYv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814270",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bbf2cef-d258-4abe-b7e2-3263f87acf25",
            "value": "3316353"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814270",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d5263f0d-4219-4674-9183-b0ba1c263b35",
            "value": "036056656d15755az5fvz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814270",
            "to_ids": true,
            "type": "filename",
            "uuid": "7fd107de-dba6-4522-92ff-55bcb9b8cc34",
            "value": "957581fb38a4e76e84f60e2bb19b9499_WoKsIXXgvrpnSeERETqlsv.eXe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  24/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814270",
            "to_ids": false,
            "type": "text",
            "uuid": "64e455ea-130a-4729-922e-40821f4d6285",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ymacco!rfn\nVT Total Detection:42/70\nFirst Submission:2014-10-28T15:04:27.000000+00:00\nLast Submission:2019-10-09T03:48:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814554",
        "uuid": "0596a135-9c61-415c-8945-b6b6ff2e453d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814554",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ab6f04e-8e67-4ea1-86ea-eff0a3cb9c50",
            "value": "75d118996f5190edafca1b1904a7eea8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814515",
            "to_ids": true,
            "type": "sha1",
            "uuid": "09e940ef-df98-41a5-b2da-abc35a261ae1",
            "value": "b99970e86ae3f412bda5f20a8318e70559c617f6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814515",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6500b29d-5f39-4266-8dc3-326d55714e48",
            "value": "2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814292",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5650eaee-74bc-458f-a1ff-260294b52acc",
            "value": "98304:5MPh9pyKnmaKZMoFfSbqgGEGPfx1cdfabXHAFel:5sArfFspAPclwXAYl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814292",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ddc5096b-1fd1-49a2-a73b-b2a45f49ea78",
            "value": "3377275"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814292",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5bb5afdf-bd76-4b4d-ae5d-214b2a66575d",
            "value": "036056656d15755az5fvz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814292",
            "to_ids": true,
            "type": "filename",
            "uuid": "0e225d75-6c06-4580-ba3a-611fa772641c",
            "value": "b99970e86ae3f412bda5f20a8318e70559c617f6_update.ex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  23/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814292",
            "to_ids": false,
            "type": "text",
            "uuid": "16aa415f-1db6-4607-9f09-7dc250923393",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:47/70\nFirst Submission:2014-10-28T14:41:56.000000+00:00\nLast Submission:2016-07-12T09:07:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814576",
        "uuid": "0c8019e8-9d0b-422c-9e66-9062b363e575",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814576",
            "to_ids": true,
            "type": "md5",
            "uuid": "9a44c63b-f002-4e45-b370-9eb35812241a",
            "value": "9f37e1ea08e6a4ae03e9feba6d1f6259",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814516",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1fac0fc1-2932-420b-b5a6-665cc04cf34d",
            "value": "8f28e619ae3301869089f4cd45558f2b13444714",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814516",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e8914f8e-8ab4-4d76-8f04-d2faf6446809",
            "value": "a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814313",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "48366217-c519-49b7-84cb-28fced857914",
            "value": "98304:5M7Fmur8bnsZtomaKZMoFfSbqgGEGPfx1cdfabXHAFep:5wAur8AxfFspAPclwXAYp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814313",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6d694472-27dc-4318-8213-74b270a7e33c",
            "value": "3319829"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814313",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5a36a7c8-9933-41d7-9e61-176102225a6a",
            "value": "036056656d15755az5fvz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814313",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b5d1c74-690c-4d87-b038-ed51c1859e77",
            "value": "8f28e619ae3301869089f4cd45558f2b13444714_update_no_pipe.ex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  24/11/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814313",
            "to_ids": false,
            "type": "text",
            "uuid": "68617caa-11ca-438e-86c0-3cef28dd771d",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Skeeyah.A!MTB\nVT Total Detection:44/70\nFirst Submission:2014-10-28T15:01:26.000000+00:00\nLast Submission:2016-07-12T09:12:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814597",
        "uuid": "47ed8ec4-2766-43b1-93cc-d700335fd56e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814597",
            "to_ids": true,
            "type": "md5",
            "uuid": "5303f869-f896-4440-b753-66a7b73fc463",
            "value": "3152f21d701a2397e7b22711b8019b82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814517",
            "to_ids": true,
            "type": "sha1",
            "uuid": "01635e3d-17d1-4d4b-8fbb-0e0128696d8e",
            "value": "97594fe0ad83ae00f3888ff4722a3e00729a2e1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814518",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da1b91b2-7e7b-42d4-a627-a8a27403a008",
            "value": "882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814335",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5ca553b5-e074-4bc4-84a7-89afaba2fc0d",
            "value": "98304:5M7Fmur8bnsZtxomaKZMoFfSbqgGEGPfx1cdfabXHAFe5:5wAur8ATfFspAPclwXAY5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814335",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "51c7cdf6-3d38-4c65-8d1e-f37b68fb83c8",
            "value": "3319825"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814335",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4014c2de-0b0a-402a-84b5-8d3fa2e19e62",
            "value": "036056656d15755az5fvz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814335",
            "to_ids": true,
            "type": "filename",
            "uuid": "101c0326-fa4d-4464-94e7-507ee45f9685",
            "value": "update_no_pipe.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  07/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814335",
            "to_ids": false,
            "type": "text",
            "uuid": "376fdccd-fdbb-47bb-bd57-74ed315e9f35",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ymacco.AA88\nVT Total Detection:47/72\nFirst Submission:2014-10-28T14:46:36.000000+00:00\nLast Submission:2018-05-24T14:49:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814619",
        "uuid": "c8860279-25de-41a0-96c1-e89825feeb5a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814619",
            "to_ids": true,
            "type": "md5",
            "uuid": "41f8f999-0537-4360-81dc-e4bf796c5dfd",
            "value": "ef2a97512fdb45cd26089ad2ff61f1cc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814519",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9f419460-1fc8-487c-8fd0-d6f815921c6f",
            "value": "bcdac11106908c8c37f200c0e028b11c4a89adc9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814519",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f920697f-4703-414d-8b34-f8577449c0e9",
            "value": "386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814357",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "13641ea9-27df-427e-a0c9-f04c9d7404c3",
            "value": "98304:01LMvC84g0cR35bmaKZIFQvRVYDvDzpzL0zsmt:01L60I3MeIYbDzRvm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814357",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c7d74f26-9ea6-4999-9ced-a8381ef8749f",
            "value": "4283142"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814357",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c4e8e313-8c61-4f81-93dd-a227a5372373",
            "value": "046046656d157az67vz17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814357",
            "to_ids": true,
            "type": "filename",
            "uuid": "f72ea245-5e0f-4bbc-8055-5a196f8400d5",
            "value": "bcdac11106908c8c37f200c0e028b11c4a89adc9_update.ex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814357",
            "to_ids": false,
            "type": "text",
            "uuid": "7f9c102d-8620-4907-9f93-d3b39d55c5c9",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Occamy.C38\nVT Total Detection:44/72\nFirst Submission:2014-09-29T14:17:42.000000+00:00\nLast Submission:2016-07-12T09:23:53.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814640",
        "uuid": "3fab9d66-1702-4a84-978b-765318d26104",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814640",
            "to_ids": true,
            "type": "md5",
            "uuid": "6c1683d2-9f16-42de-ac8a-3f925a452122",
            "value": "874f7bcab71f4745ea6cda2e2fb5a78c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814520",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d9f190b-6782-40e2-92a0-68be8bf0348d",
            "value": "7e6cce889cda22b18defc6319d02b3b93e9e2474",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814520",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d89e4749-dace-44a8-827c-2d61936b73bb",
            "value": "0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814400",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e8f45b96-2bd9-40a3-b9bc-7a8cba48382f",
            "value": "192:t0deubawqyepjCiOmsHp/owGjEu/mzKwOgLKDML9sGxlpO0x2lHlCPilG/M5hw17:mD72+msJ/oDEaRMZL7g0x2bCZM6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814400",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5c5ee87e-602c-43ca-a78a-91aa139326fb",
            "value": "18432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814400",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cae1a41e-60d0-44d6-9d2c-a1b64e2e23d6",
            "value": "2140365515112014db61048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814400",
            "to_ids": true,
            "type": "filename",
            "uuid": "5e1c5080-2ee6-4b03-8e9a-e69cccd3efdc",
            "value": "PackagingModule.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814400",
            "to_ids": false,
            "type": "text",
            "uuid": "6e63df73-c04d-4640-9569-f5ba70bf0ebc",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/IronGate.A\nVT Total Detection:51/72\nFirst Submission:2014-09-29T15:10:26.000000+00:00\nLast Submission:2021-06-01T09:36:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814661",
        "uuid": "458a42fc-1c7c-4bdf-9532-0a6870eb5bbb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814661",
            "to_ids": true,
            "type": "md5",
            "uuid": "212e190d-3037-46e4-b912-c88dd31a0af8",
            "value": "7c51474e6560c51dfc815d4a227ba1aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814521",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8866affb-bc32-4688-b71d-cbd654c6e339",
            "value": "66ce4b32afedac934904000715550fabe8e3691f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814521",
            "to_ids": true,
            "type": "sha256",
            "uuid": "851a97ce-5786-42c2-a133-3cf3b34f845f",
            "value": "fa8400422f3161206814590768fc1a27cf6420fc5d322d52e82899ac9f49e14f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814421",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bdf2dbcd-debf-4592-84dc-220c50880f4d",
            "value": "192:AwqyepjCiOmsHp/owGjEu/mzKwOgLKDML9:T72+msJ/oDEaRMZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814421",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3e3ba693-a384-4da1-b15e-1b64c6d5a753",
            "value": "9728"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814422",
            "to_ids": true,
            "type": "vhash",
            "uuid": "afe05f07-9f74-49fa-a58a-1e6147682901",
            "value": "3930365515180a2531014"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814422",
            "to_ids": true,
            "type": "filename",
            "uuid": "428039a8-246e-44e0-b436-226aa41de9e7",
            "value": "Step7ProSim.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  06/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814422",
            "to_ids": false,
            "type": "text",
            "uuid": "28c27e36-2e3e-489c-929e-ad69498c312d",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:45/72\nFirst Submission:2016-06-02T17:57:40.000000+00:00\nLast Submission:2023-04-03T19:17:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814684",
        "uuid": "bf9446ff-be13-4072-9634-31ef61f8192c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814684",
            "to_ids": true,
            "type": "md5",
            "uuid": "6da2d2d1-a19c-4e03-9a3c-60a57002f38b",
            "value": "1f338bdd92f08803a2ac7022a34d98fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814523",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f03b56a0-6e06-49aa-aac0-fa1ec4f0e175",
            "value": "38ec222e82b538c8607485d4dd191b5b4eed4fdd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814523",
            "to_ids": true,
            "type": "sha256",
            "uuid": "28b3625f-80c8-4bd3-b894-55b5acf10327",
            "value": "750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814443",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb7dd256-e3a1-4bcb-93eb-74fa80eea4d4",
            "value": "768:cl7foMcKdOU8BnOPwGl/4Jtc7/nS5ltpm5gQAv1hezge9ZZ1Zt8R1UYYRIuNYpaN:cl7u1BnOP1lgtldkmVnTA6uvHlHaeH3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814443",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e9786fd0-dcaa-402c-bf83-ab34ad7769b7",
            "value": "150328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814443",
            "to_ids": true,
            "type": "vhash",
            "uuid": "90509109-112f-46c9-8eaa-18e7f72e14f8",
            "value": "015036551d5041z11z6002dnz9fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814443",
            "to_ids": true,
            "type": "filename",
            "uuid": "3abf7adc-7350-470b-9290-36c8477bf0e2",
            "value": "pipelist.exe"
          },
          {
            "category": "Other",
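            "comment": "Checked: 23/02/2026\nLast-scan\t:  19/01/2026\nFP caveat: NSRL-listed file with 0/71 VT detections, tagged false-positive:risk=\"high\"; corroborate any match on this object's to_ids attributes (filename, ssdeep, vhash) before treating it as malicious.",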
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814443",
            "to_ids": false,
            "type": "text",
            "uuid": "f1a2c3fa-b483-4abc-9bb5-bf0ca2fcb201",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nanni Bassetti']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['pipelist.exe']\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2009-02-22T06:41:00.000000+00:00\nLast Submission:2026-01-18T23:27:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771814706",
        "uuid": "ffd336fa-101b-4cad-8640-d38813714ac5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771814706",
            "to_ids": true,
            "type": "md5",
            "uuid": "39cc7606-5526-41c4-a2fb-7088470fffa6",
            "value": "7a0c1017e6b5bb5dc776b3b883a1d0e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771814524",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d9ed8b00-b31c-4cf0-a122-d6039349e701",
            "value": "9efe39c0a6bff5dc18d3adf3b9522b5346cdbb9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771814524",
            "to_ids": true,
            "type": "sha256",
            "uuid": "61754924-8590-4597-9f28-c8843a1748a4",
            "value": "83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771814466",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e194ff82-add3-4472-8a71-e4b9d6b52536",
            "value": "768:swGz/6Uu1SvAIHQCtuQEIjsiTreyrvJN4CSt/mFnbtAOdpnd:LGzyZAvhHTuvQsMtWCSFmFnbtAO3d"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771814466",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "082619f5-122b-4a12-9c9b-18cc733e77ec",
            "value": "44544"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771814466",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8960ece5-daad-4ceb-a199-e20452525657",
            "value": "04403e0f7d10101011z11z601fz13z15z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771814466",
            "to_ids": true,
            "type": "filename",
            "uuid": "63352236-057e-41fc-9ebf-880d1f2220ea",
            "value": "NetResView.exe"
          },
          {
            "category": "Other",
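            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/01/2026\nFP caveat: NSRL-listed file (VT 5/71), tagged false-positive:risk=\"high\"; corroborate any match on this object's to_ids attributes (hashes, ssdeep, vhash, filename) before treating it as malicious.",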
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771814466",
            "to_ids": false,
            "type": "text",
            "uuid": "d7c4b6ee-fabd-4bde-be4b-a1588f704b46",
            "value": "Type Description: Win32 EXE\nFile distributed by: ['Nir Sofer']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['NetResView.exe']\nMicrosoft: None\nVT Total Detection:5/71\nFirst Submission:2013-11-04T22:45:36.000000+00:00\nLast Submission:2026-02-07T08:37:17.000000+00:00"
          }
        ]
      }
    ]
  }
}