{
  "Event": {
    "analysis": "1",
    "date": "2015-02-17",
    "extends_uuid": "",
    "info": "[Threat Intel] BE2 extraordinary plugins, Siemens targeting, dev fails",
    "protected": false,
    "publish_timestamp": "1772419929",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419927",
    "uuid": "c1d9af5e-2f14-4d65-9517-74c5c387ed0c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"BlackEnergy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"",
        "relationship_type": ""
      },
      {
        "colour": "#f6810a",
        "local": false,
        "name": "ICS-capable",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771800938",
        "to_ids": false,
        "type": "link",
        "uuid": "ee7945c6-51f4-4a00-b7c2-af7c18b83c7d",
        "value": "https://securelist.com/be2-extraordinary-plugins-siemens-targeting-dev-fails/68838/"
      },
      {
        "category": "Network activity",
        "comment": "attackers tried to download their payload from here",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801936",
        "to_ids": true,
        "type": "url",
        "uuid": "1d4760aa-91b2-4e48-b2d4-765d34e7571f",
        "value": "http://94.185.85.122/favicon.ico",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "drops df84ff928709401c8ad44f322ec91392, driver. No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801930",
        "to_ids": true,
        "type": "md5",
        "uuid": "34fdbe30-2d88-4a86-bff5-153896439030",
        "value": "fda6f18cf72e479570e8205b0103a0d3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801931",
        "to_ids": true,
        "type": "md5",
        "uuid": "d4a8a881-edf7-4a35-a587-70d65fcdd2e4",
        "value": "df84ff928709401c8ad44f322ec91392",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801958",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "925243b5-a9a5-4834-ad79-76ce5f927055",
        "value": "144.76.119.48",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "drops 39835e790f8d9421d0a6279398bb76dc, driver. No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801933",
        "to_ids": true,
        "type": "md5",
        "uuid": "d307dad1-9231-4dc4-b914-8445b494263d",
        "value": "fe6295c647e40f8481a16a14c1dfb222",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801934",
        "to_ids": true,
        "type": "md5",
        "uuid": "579d4b80-2ffd-4c92-b2ff-ab8745c7b51b",
        "value": "39835e790f8d9421d0a6279398bb76dc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771801979",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f3496abd-0b7f-40c9-850a-df5ed10e3882",
        "value": "95.143.193.131",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771802000",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5976ba31-4816-48de-810e-5aeb11d1c06d",
        "value": "46.165.222.6",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802021",
        "uuid": "71e42a7e-a6e2-4f99-97e6-ca0dc3ff6699",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "The \u201cDestroy\u201d plugin, dstr",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802021",
            "to_ids": true,
            "type": "md5",
            "uuid": "b887952a-fd1e-4907-a948-f4e23d05b4c6",
            "value": "8a0a9166cd1bc665d965575d32dfa972",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "The \u201cDestroy\u201d plugin, dstr",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801919",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b9588a18-ebb5-436f-88bc-73007babe481",
            "value": "a22351fc5133c5f588a115f5377753039382a9da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "The \u201cDestroy\u201d plugin, dstr",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801919",
            "to_ids": true,
            "type": "sha256",
            "uuid": "79a7dab2-7f78-443f-a76a-0ff14a843844",
            "value": "5102ed5f2376b7ae55b656c0e82c412edd8c6dc30f7adedff891d6fc85920af9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801593",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f33d801e-1362-479b-8334-df1f09dc9646",
            "value": "768:azj/0N6DPazU8UR1X769m/3Mm6oWDnZfzEftCms+O8:CcN6DizHU3L6AfMm6HnefUL+d"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801593",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2b27d85b-a57d-4283-b7a4-237ae0572270",
            "value": "26474"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801593",
            "to_ids": true,
            "type": "vhash",
            "uuid": "560be6da-91c6-4473-bb6e-85a433e953b2",
            "value": "124056651d75151az11nz1ez2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801593",
            "to_ids": true,
            "type": "filename",
            "uuid": "e60d2c55-8e53-4d7e-b4e5-dae4e15547e4",
            "value": "distr"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  17/06/2020",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801593",
            "to_ids": false,
            "type": "text",
            "uuid": "13877e7e-31e1-4f8d-ab23-1b3c44c1fe81",
            "value": "The \u201cDestroy\u201d plugin, dstr\r\nType Description: Win32 DLL\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:46/73\nFirst Submission:2014-06-21T22:10:24.000000+00:00\nLast Submission:2020-06-16T19:04:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802043",
        "uuid": "e3beb721-27f2-4467-a4a6-1b8c1bc56aa6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Decrypted 32-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802043",
            "to_ids": true,
            "type": "md5",
            "uuid": "3fe1d34f-9223-44f9-9c24-e641be1dbc29",
            "value": "c4426555b1f04ea7f2e71cf18b0e5b6c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Decrypted 32-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801920",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5dc24ce7-8940-4a98-8a42-829f1a58ed20",
            "value": "483c8fcc0708e50105da2784ab650a476f019550",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Decrypted 32-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801920",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fcc11351-17ec-4b0f-8ad6-69dd99d907af",
            "value": "985db1611ef378f1af6e4d9277aa2b1c1869a009c5342423f4defa89a866080a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801614",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "990d8e60-5e26-4d4b-ab83-22edb080eb3e",
            "value": "48:i9ODWlUYi3Cs5eoX167j4D4wl1cXczxgfmt6GGnqwPm9H2A3tl2J7k7i+y:m8tSsho72cXQjZGnCtdgkO+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801614",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "022e3f07-4af7-40e5-aa7e-ccb373ae6655",
            "value": "5120"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801614",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3e267eb7-bec7-42d8-947c-8eaf84560969",
            "value": "053056551d1e151iz13xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801614",
            "to_ids": true,
            "type": "filename",
            "uuid": "6dccac75-6207-44ed-9e1b-189420bb157c",
            "value": "vti-rescan"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  03/05/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801614",
            "to_ids": false,
            "type": "text",
            "uuid": "70c6dd5f-134d-4eb1-a02f-4da5fec8ab8d",
            "value": "Decrypted 32-bit driver\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casur.A!cl\nVT Total Detection:38/70\nFirst Submission:2014-09-15T11:00:20.000000+00:00\nLast Submission:2018-04-05T14:39:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802064",
        "uuid": "4f2967ca-0c8b-40e7-8104-16610de7bba1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Decrypted 64-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802064",
            "to_ids": true,
            "type": "md5",
            "uuid": "3bef05e8-c311-4603-baa6-67c777c2ed93",
            "value": "2cde6f8423e5c01da27316a9d1fe8510",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Decrypted 64-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801921",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a4504ff2-cecb-4af1-8a47-fb2a9b7e9170",
            "value": "d54e3a3306157bbe7686cd323f36bf55fe6d2e06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Decrypted 64-bit driver",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801921",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6e3b824f-af4a-4733-a534-fc687ad9c03b",
            "value": "24e8d0585ff4ce5f8fbd6a4157870a00521b73efce5b4a350d9c423725cadd02",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801636",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1723b9f0-913e-412f-8eb4-6a56efdc8717",
            "value": "192:miqYcRmMUcs5i5h9l0HNWKcbwhAzwBcAcb/kd:milcRmMUcnL0HOEYwmXkd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801636",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e8b2cdbe-4529-401c-9e0a-ddb8baf7875a",
            "value": "9136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801636",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8392476c-3153-489a-86cd-d8079c3c0c4e",
            "value": "093066551d151e151iz1yz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801636",
            "to_ids": true,
            "type": "filename",
            "uuid": "ffb5e8f2-d721-4eb6-aaf2-e86bf221211d",
            "value": "virussign.com_2cde6f8423e5c01da27316a9d1fe8510.vir"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  14/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801636",
            "to_ids": false,
            "type": "text",
            "uuid": "fd01955b-21b5-4a45-af16-d9a7e6273fbc",
            "value": "Decrypted 64-bit driver\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Occamy.C\nVT Total Detection:33/68\nFirst Submission:2014-09-15T12:12:26.000000+00:00\nLast Submission:2016-01-08T06:27:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802085",
        "uuid": "ea9519bb-42ea-403c-8fc6-af71be93015c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "grc, plus.google.com replacement communications plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802085",
            "to_ids": true,
            "type": "md5",
            "uuid": "a301f54f-5247-409a-83da-d5d13e4503bb",
            "value": "ee735c244a22b4308ea5d36afee026ab",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "grc, plus.google.com replacement communications plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801922",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6893d4d4-fb88-4b43-856c-f68be32b6ac5",
            "value": "3621c367c33577635ab002368b958f6ca6028ca4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "grc, plus.google.com replacement communications plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801922",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cb2efbf1-0953-4170-b408-3a16b7fb84b6",
            "value": "68fd1444d8bbbc7b68e4ec3c85756f0d4a302384fbce53cb95ebfabee7a23cf2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801658",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "93c28c1e-b53e-47b7-b4cd-da6fb4750b5b",
            "value": "192:GCLXsbHbUYvMCKdAQFxFJDL33Mcwk75UldHRtOFbpD1lRPBMBG2sHNoaejU/AYQH:GEXsbH/Q3Gk756hRtWvROBWoVYOi+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801658",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3679101-a430-4d91-adcb-ce6c2d111731",
            "value": "15873"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801658",
            "to_ids": true,
            "type": "vhash",
            "uuid": "55336cbc-41be-4739-8fdd-b86ec51c109c",
            "value": "114056651d15151bz6?z3"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  02/07/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801658",
            "to_ids": false,
            "type": "text",
            "uuid": "6c912f23-5bd2-4cee-b985-464d7db45b4a",
            "value": "grc, plus.google.com replacement communications plugin\r\nType Description: Win32 DLL\nMicrosoft: TrojanDownloader:Win32/Dynamer!ac\nVT Total Detection:27/69\nFirst Submission:2015-02-20T13:15:56.000000+00:00\nLast Submission:2015-02-20T13:15:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802107",
        "uuid": "4563cd37-07d3-4c31-9243-95101c9b0502",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Universal serial bus data collection plugin, usb",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802107",
            "to_ids": true,
            "type": "md5",
            "uuid": "cb2f6350-32d4-44f2-96ac-fd26272ffb41",
            "value": "0d4de21a2140f0ca3670e406c4a3b6a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Universal serial bus data collection plugin, usb",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801923",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a354c34-41af-4535-a7b0-2c73feb99bdc",
            "value": "e18ae0958f454e1a6614902b97c725652d523322",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Universal serial bus data collection plugin, usb",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801923",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d5f905e8-5c6e-4260-b63d-757c9c88a987",
            "value": "bce2d3570c869ee20875d4281e6399f7b4d6bd6b0eb75f12a9d0ab0e5c2d15cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801680",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1847dfa4-4f05-43c8-86ca-677f35ffc54a",
            "value": "384:nZwXRhBh9o4yN6Q6uQNrSoLttoUaQ4aGY6UeF3E2+y6RifWTeKjTazdXBk1:nZwXRJ9+N6QQd5tKF3FwEOTFjKJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801680",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac616a03-d2aa-4efc-b393-bcb66ecc9474",
            "value": "34816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801680",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9062111-769a-403b-9e6e-517b50c51f1b",
            "value": "134066555d1d15151bzenz1ez2"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  11/10/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801680",
            "to_ids": false,
            "type": "text",
            "uuid": "782dfa4f-13a2-4f90-9770-3546ef757aa3",
            "value": "Universal serial bus data collection plugin, usb\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:38/68\nFirst Submission:2015-02-20T13:15:57.000000+00:00\nLast Submission:2015-04-21T21:48:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802128",
        "uuid": "97f51cfd-df8d-478b-b91d-dce6c3721fab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Motherboard and firmware data collection plugin, bios",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802128",
            "to_ids": true,
            "type": "md5",
            "uuid": "928496e9-4d30-4af6-8423-a779e898462a",
            "value": "4747376b00a5dd2a787ba4e926f901f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Motherboard and firmware data collection plugin, bios",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801925",
            "to_ids": true,
            "type": "sha1",
            "uuid": "66179fd2-7de2-45a6-8c83-b1e9ee555fc3",
            "value": "3a606fd93489e6a035d77edd80a11a3b3da3b69f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Motherboard and firmware data collection plugin, bios",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801925",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3aa7d887-8040-46a6-8a6f-87db2f797d4f",
            "value": "16385d8439eb3d95d0e032c721adfdcaca2001a02255ed403f0d4493d494f99c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801702",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "76c0be57-d358-487f-b31c-285d21f69e41",
            "value": "3072:SR2nN6w9jmNt/TojLf/crJGjkPj9oGde82a:SI5At/O6Pj9G"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801702",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8bcaf59e-91d0-4ea6-9bf9-25309896ed61",
            "value": "210432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801702",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7618f381-e9a8-43e8-8495-1d84c2dc48dd",
            "value": "125056551d1d156az467z408bz1ez2"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  28/06/2022",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801702",
            "to_ids": false,
            "type": "text",
            "uuid": "a6469e43-444b-49bb-aeef-13817a872273",
            "value": "Motherboard and firmware data collection plugin, bios\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:26/66\nFirst Submission:2015-02-20T13:15:54.000000+00:00\nLast Submission:2015-04-21T21:48:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802149",
        "uuid": "436a4170-ebd4-4224-85ae-088245c4db8f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "drops b973daa1510b6d8e4adea3fb7af05870, drive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802149",
            "to_ids": true,
            "type": "md5",
            "uuid": "e5504f86-8cb2-4b3f-ae8f-e273021ae3cc",
            "value": "ac1a265be63be7122b94c63aabcc9a66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "drops b973daa1510b6d8e4adea3fb7af05870, drive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801925",
            "to_ids": true,
            "type": "sha1",
            "uuid": "28ebbf53-1f44-4dd6-8ebf-6358bbb3aa7a",
            "value": "983cfcf3aaaeff1ad82eb70f77088ad6ccedee77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "drops b973daa1510b6d8e4adea3fb7af05870, drive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801926",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c82efd5b-2d41-4c94-ad3a-3de7d3f2e63b",
            "value": "ccc92ca0c01d44e85e8855b80e7ccda0bd02a5fd3218810330f71cce04e4c8fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801808",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "02e25f0b-f927-422c-9f48-19f6cac8f551",
            "value": "3072:ijlMgKM3lcEk9+nPukEMfOZDQlDXY+qP2YGH67PxnoMdXYfKJkXHlH0DCv:iQUcTAn2klTlD++niZn9ibHl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801808",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d8f4d31-a84f-4b40-9203-eda48a40e4bd",
            "value": "172544"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801808",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4dc80be1-f1d1-406f-bb75-0ce3762022c8",
            "value": "01503675551080105001c00837z3065z52z8003dz"
          },
          {
            "category": "Payload delivery",
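            "comment": "msiexec.exe is also the name of the legitimate Windows Installer binary; match on this object's hashes, not on the filename alone",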
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801808",
            "to_ids": true,
            "type": "filename",
            "uuid": "117dfe63-f972-4a6a-895f-c3cc97cd33ed",
            "value": "msiexec.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  15/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801808",
            "to_ids": false,
            "type": "text",
            "uuid": "d97b17c2-4006-48b6-81d0-0e98620e9939",
            "value": "drops b973daa1510b6d8e4adea3fb7af05870, drive\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:62/72\nFirst Submission:2014-07-19T03:04:14.000000+00:00\nLast Submission:2025-03-13T08:20:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802171",
        "uuid": "65a5d9d8-7a01-4cdb-956d-f416feaddde9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802171",
            "to_ids": true,
            "type": "md5",
            "uuid": "45902856-763e-4256-a47b-d6b3d5a6cc4d",
            "value": "b973daa1510b6d8e4adea3fb7af05870",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801927",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e6bbb6d4-1ae5-46fb-bb29-e4a8c28db42f",
            "value": "767bf89ba05ed6280efffe374cc5c2cfcb5ec6ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801927",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55b307b6-d02f-4622-9391-03340cc4d651",
            "value": "136633e712ac52a0a5e0e7235f28efcd536eb929b700b07da1dedc422686d8e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801830",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f72bb5c0-aeeb-4727-9513-279b18d25725",
            "value": "768:umCWaJ8bkK7gmn2munI1MEUYpjt9ivGEDCuPi+9/AL/f0kje5I6cyGWKuUF:Tlafh0R5bix7iYUskje5ey3JU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801830",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6f60e427-d9b3-4885-87bf-599f4c782c0f",
            "value": "59904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801830",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b588e0a8-8e04-4a28-b01c-53a9822f5e86",
            "value": "05405e751d1e5519z96z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801830",
            "to_ids": true,
            "type": "filename",
            "uuid": "3a9f089b-21f3-4001-b9d4-cc95baa9b434",
            "value": "767bf89ba05ed6280efffe374cc5c2cfcb5ec6ae.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801830",
            "to_ids": false,
            "type": "text",
            "uuid": "7e028c2a-26fa-44e6-b78c-128d96938540",
            "value": "Type Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-06-15T00:25:38.000000+00:00\nLast Submission:2025-03-13T08:27:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802192",
        "uuid": "501bbbf6-3a1a-49b1-831c-a0b0072da9d2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Drops a driver file, MD5 f4b9eb3ddcab6fd5d88d188bc682d21d",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802192",
            "to_ids": true,
            "type": "md5",
            "uuid": "6e8a6f8a-8218-450c-b320-225a022f032e",
            "value": "8e42fd3f9d5aac43d69ca740feb38f97",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drops a driver file, MD5 f4b9eb3ddcab6fd5d88d188bc682d21d",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801928",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9a1de315-35b0-44d3-8e9d-33efbfe99f1a",
            "value": "2040b3e9c3e359757ae5b957fd592d0dd3c80e06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Drops a driver file, MD5 f4b9eb3ddcab6fd5d88d188bc682d21d",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801928",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ea3aef54-79d8-4da4-8674-73acb3127adf",
            "value": "846eee2cffede8626145a95bc7a721c9fe36a3a9d65646357593ecbf9801a30d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801851",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "406da3ba-abcb-4e74-9294-c0bab5ab034f",
            "value": "3072:ddtKeTZd7JKIsofIh1ZyCHoXIhp7ibxXuza+M9IURkIusXfGvDQH0DCP:7zrzfgIYhoYza+fakbU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801851",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a6e4b8b0-583c-4e3a-9039-4e2148523f07",
            "value": "174080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801851",
            "to_ids": true,
            "type": "vhash",
            "uuid": "526fdcb2-2f97-46ce-9e4d-3f9dcb55ab66",
            "value": "01503675551080105001c00837z3065z52z8003dz"
          },
          {
            "category": "Payload delivery",
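            "comment": "Same name as the legitimate Windows Installer binary; a match on the filename alone is not evidence of this sample, so correlate with the hashes in this object.",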
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801851",
            "to_ids": true,
            "type": "filename",
            "uuid": "3d652414-eb13-44c0-bc40-486a52072997",
            "value": "msiexec.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  16/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801851",
            "to_ids": false,
            "type": "text",
            "uuid": "83eb125c-287c-4931-8f60-3d24be25e8fa",
            "value": "drops f4b9eb3ddcab6fd5d88d188bc682d21d, driver\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:61/73\nFirst Submission:2014-08-03T15:10:19.000000+00:00\nLast Submission:2025-03-16T02:17:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771802213",
        "uuid": "1d026fa4-5259-4e03-8fce-af4f62dda3d5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771802213",
            "to_ids": true,
            "type": "md5",
            "uuid": "6bb9624c-bf53-4eee-ba3a-b914e7ab3eeb",
            "value": "f4b9eb3ddcab6fd5d88d188bc682d21d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771801929",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cdb34bff-0927-4e29-908b-5b201c52ef1a",
            "value": "efa0613da2d60843c2dd3aa399519eeca179a739",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771801929",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b80c4693-a53a-43db-9b50-297f86b0762b",
            "value": "40436e69c06c2450c4723cb68e1d8fa2ae4701c6e11b0c566c7fbbe6cdb9cd1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771801873",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "03adf716-13c5-4e5f-82f4-5ff80156f4f9",
            "value": "1536:S2CHWMQqvL9hrWja22dMjOfqPO/49/YdUPi:oNLPrWu222ylii"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771801873",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "83e972a6-5122-411c-a216-cb094f917968",
            "value": "60928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771801873",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b32b2c3e-4d6b-489c-ba6e-6c425c96e2dd",
            "value": "06405e751d1e5519z96z78xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771801873",
            "to_ids": true,
            "type": "filename",
            "uuid": "1f35b7d8-f4bd-44aa-b549-ef7893971423",
            "value": "usbmdm.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2026\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771801873",
            "to_ids": false,
            "type": "text",
            "uuid": "e013dc8f-368b-407a-9b48-1eb4c2329b28",
            "value": "Type Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-09-09T05:20:59.000000+00:00\nLast Submission:2025-03-13T08:15:26.000000+00:00"
          }
        ]
      }
    ]
  }
}