{ "Event": { "analysis": "1", "date": "2014-11-03", "extends_uuid": "", "info": "[Threat Intel] BE2 custom plugins, router abuse, and target profiles", "protected": false, "publish_timestamp": "1772420119", "published": true, "threat_level_id": "2", "timestamp": "1772420116", "uuid": "c83dd79e-930c-4ffb-800a-d3fa607ca0fb", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"BlackEnergy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"BlackEnergy 3\"", "relationship_type": "" }, { "colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Azerbaijan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Belarus\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Belgium\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Croatia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Germany\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Kyrgyzstan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Libya\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Lithuania\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Poland\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Russia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Taiwan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Ukraine\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Vietnam\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771749273", "to_ids": false, "type": "link", "uuid": "95980b94-c615-4214-ba2a-7addd52850c1", "value": "https://securelist.com/be2-custom-plugins-router-abuse-and-target-profiles/67353/" }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758085", "to_ids": true, "type": "md5", "uuid": "ba27380f-3f18-4158-ab2c-192bde3918c0", "value": "79cec7edf058af6e6455db5b06ccbc6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758086", "to_ids": true, "type": "md5", "uuid": "8bd8d1f9-b239-422f-b1ac-1560e925aa89", "value": "8a449de07bd54912d85e7da22474d3a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758087", "to_ids": true, "type": "md5", "uuid": "671b8322-49aa-411e-af86-c7d9ce6416b4", "value": "6bf76626037d187f47a54e97c173bc66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758088", "to_ids": true, "type": "md5", "uuid": "34f395ab-296f-4b89-bb4b-f2912b048281", "value": "895f7469e50e9bb83cbb36614782a33e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758089", "to_ids": true, "type": "md5", "uuid": "cc69359d-c945-47cf-bc94-f50544101014", "value": "82234c358d921a97d3d3a9e27e1c9825", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758090", "to_ids": true, "type": "md5", "uuid": "dc2373d6-b3f1-46dc-9a11-2cf7effc7202", "value": "e565255a113b1af8df5adec568a161f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758091", "to_ids": true, "type": "md5", "uuid": "1dc8bb98-7410-4c6f-a622-161681446352", "value": "df84ff928709401c8ad44f322ec91392", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758092", "to_ids": true, "type": "md5", "uuid": "c3731af2-3ace-448d-a756-a8eec5c8955c", "value": "fda6f18cf72e479570e8205b0103a0d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758093", "to_ids": true, "type": "md5", "uuid": "bddb17d4-b318-4188-b602-f0ee8776a362", "value": "39835e790f8d9421d0a6279398bb76dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758094", "to_ids": true, "type": "md5", "uuid": "5d0afa80-3d4b-4a83-afb7-9e7755a1161f", "value": "fe6295c647e40f8481a16a14c1dfb222", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758095", "to_ids": true, "type": "md5", "uuid": "5f967896-f1bc-4f26-ab78-e7ba6b0db5ad", "value": "592c5fbf99565374e9c20cade9ac38aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758096", "to_ids": true, "type": "md5", "uuid": "5dac5d51-fdd0-4b73-8faa-ca8939823310", "value": "ad8dc222a258d11de8798702e52366aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758097", "to_ids": true, "type": "md5", "uuid": "2f52d829-8577-418a-888b-668d73f8ed6a", "value": "bc21639bf4d12e9b01c0d762a3ffb15e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758098", "to_ids": true, "type": "md5", "uuid": "902d7525-3709-46a0-a0ce-e0a28426fc4c", "value": "e02d19f07f61d73fb6dd5f7d06e9f8d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758099", "to_ids": true, "type": "md5", "uuid": "05aa615a-7770-4fe5-9b6b-2806195a8cb3", "value": "e06c27e3a436537a9028fdafc426f58e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758100", "to_ids": true, "type": "md5", "uuid": "22c37780-5af6-4fae-be47-832a54191aad", "value": "6cf2302e129911079a316cf73a4d010f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758101", "to_ids": true, "type": "md5", "uuid": "0c34fd91-7b55-494d-8c85-bbbbe68f84f6", "value": "698a41c92226f8e444f9ca7647c8068c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758102", "to_ids": true, "type": "md5", "uuid": "6af90b8c-c787-44fe-8e80-8309f6785018", "value": "82127dc2513694a151cbe1a296258850", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758103", "to_ids": true, "type": "md5", "uuid": "2078e48e-5d8f-40fb-8ef2-6256ab8cd94d", "value": "c1ba892d254edd8a580a16aea6f197e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758105", "to_ids": true, "type": "md5", "uuid": "cd3083c8-fa25-4e8a-9502-bcf64b41656b", "value": "907448af4388072cdc01e69b7b97b174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758106", "to_ids": true, "type": "md5", "uuid": "89d4c589-1b5a-4248-b2d1-dc69770f189d", "value": "1395dfda817818c450327ab331d51c1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758107", "to_ids": true, "type": "md5", "uuid": "d9b9d003-3f72-4ad1-8811-cd663c41435f", "value": "723eb7a18f4699c892bc21bba27a6a1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3 No sample in VT\r\nLast check:22/02/2026", "deleted": false, "disable_correlation": false, "timestamp": "1771758109", "to_ids": true, "type": "md5", "uuid": "b506a0ef-cc22-4beb-9f4a-c06cf28b1e98", "value": "f6c47fcc66ed7c3022605748cb5d66c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772420116", "to_ids": true, "type": "url", "uuid": "da54de7e-b7f0-4fe9-a896-d26b6968b405", "value": "http://94.185.85.122/favicon.ico", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771758133", "to_ids": true, "type": "ip-dst", "uuid": "7db29bcf-6d50-4b74-b418-f1528f2a8596", "value": "94.185.85.122", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771758154", "to_ids": true, "type": "url", "uuid": "cd7a8339-1789-49c0-9612-b6e44487245f", "value": "https://46.165.222.28/upgrade/f3395cd54cf857ddf8f2056768ff49ae/getcfg.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771758176", "to_ids": true, "type": "url", "uuid": "198b31f3-980a-4d76-9213-ed8a61619206", "value": "https://46.165.222.28/upgrade/bf0dac805798cc1f633f19ce8ed6382f/upgrade.php", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758198", "uuid": "b32c9c08-3678-426a-841d-f47bc69f71e3", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758198", "to_ids": true, "type": "md5", "uuid": "59d0fded-9816-401b-b3ce-777c63aea045", "value": "d57ccbb25882b16198a0f43285dafbb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757916", "to_ids": true, "type": "sha1", "uuid": "c7c821c6-6ce4-4bbe-ab69-c89ae23dca96", "value": "e9f356a5e0ce5abca990258b2864a9637cc6abac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757916", "to_ids": true, "type": "sha256", "uuid": "d5c03131-80d8-453d-bb1b-d689b90a2d3a", "value": "94a0436b20df1adea5bd94c85238bc11623642fe4335388865565f018d08df69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751133", "to_ids": true, "type": "ssdeep", "uuid": "9741ca9f-4457-49c0-861d-3b3ed5364855", "value": "1536:yvgq9ntecSh0+X0aua+YgTrBBwBT8/wP5E2x4:i9ntejTTtgTrBl/wh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751133", "to_ids": false, "type": "size-in-bytes", "uuid": "cb41a491-a15e-48c5-800e-d518aa172e07", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751133", "to_ids": true, "type": "vhash", "uuid": "f2329027-1f6e-43e3-b4d8-f75965970a02", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751133", "to_ids": true, "type": "filename", "uuid": "add65f21-ce53-4278-93ee-e52d4b19f1c8", "value": "e9f356a5e0ce5abca990258b2864a9637cc6abac.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751133", "to_ids": false, "type": "text", "uuid": "d10a9458-2dca-46d5-ae9c-59180fae5c08", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-09-06T15:06:50.000000+00:00\nLast Submission:2025-03-13T08:23:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758219", "uuid": "120a811d-fcf6-4379-8af4-db72af2e5546", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758219", "to_ids": true, "type": "md5", "uuid": "a37f9334-0ef8-4bc7-851d-feec6b0159e1", "value": "7740a9e5e3feecd3b7274f929d37bccf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757917", "to_ids": true, "type": "sha1", "uuid": "e821c311-90f1-484a-b833-99c7b1443b15", "value": "c6e836ce65a75212888fe46fe31bb2eab49a24c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757917", "to_ids": true, "type": "sha256", "uuid": "4492d99e-ca71-47ee-b0bc-6a5a9618f3ff", "value": "052c486aeb63dbe5fc58f2dd7647851e7377eb5ad6772a6a9f4b112cac786bab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751155", "to_ids": true, "type": "ssdeep", "uuid": "d94eee97-611c-4498-8218-90b8bbdba917", "value": "1536:05Owol/uOXGj2JzFEAP5GOm6lmRqk/xi5/2eqnmk3rHDSv:x3IOoazFv5GR6lmRf/xiB9qmkbHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751155", "to_ids": false, "type": "size-in-bytes", "uuid": "aed78172-3185-4d97-a64f-9fa43be6c078", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751155", "to_ids": true, "type": "vhash", "uuid": "101efba2-a7b1-4f06-b532-ff829325b536", "value": "074046755d551031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751155", "to_ids": true, "type": "filename", "uuid": "3ee4c70a-8bd2-4830-bfef-614e345e65f4", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751155", "to_ids": false, "type": "text", "uuid": "07cf2a2a-9b22-4688-9b7c-9d3a82751b08", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:59/73\nFirst Submission:2014-09-06T15:30:00.000000+00:00\nLast Submission:2025-03-13T08:27:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758241", "uuid": "330064bd-6a7e-4957-ba2d-32058654af44", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758241", "to_ids": true, "type": "md5", "uuid": "4303ef5e-eb82-446c-9f1a-df95d6e8afcd", "value": "948cd0bf83a670c05401c8b67d2eb310", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757918", "to_ids": true, "type": "sha1", "uuid": "c8d0771c-d446-439d-ac01-509e1cb958b1", "value": "e5c8c10b10ee288512d3a7c79ae1249b57857d23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757918", "to_ids": true, "type": "sha256", "uuid": "39a270f2-19e9-4c52-bc23-d04ee83bf587", "value": "91f72808aaed45a76ff1044a23fd6df4b7ab7ace292725522518feb9c0b8574e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751176", "to_ids": true, "type": "ssdeep", "uuid": "eb40a5bd-0a1d-4ff1-857d-6791f87160a4", "value": "1536:/3LOP/x71X3J6K+tNPi4MTANO2xPq9gOrrZEJ0P6ZQUYERH0DCxbn:DOp1X5qK4MTgRqmOp7PtUYERH0DCxbn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751176", "to_ids": false, "type": "size-in-bytes", "uuid": "95adef93-b4fb-4a42-b071-ea6d868eecef", "value": "93696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751176", "to_ids": true, "type": "vhash", "uuid": "3eccf3fb-c259-4da9-9cb3-0ac4a24e184f", "value": "094046755d651080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751176", "to_ids": true, "type": "filename", "uuid": "2a323639-5e57-44a5-8c08-37b21fd82d0f", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 28/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751176", "to_ids": false, "type": "text", "uuid": "b135ab06-d56a-4cea-87d1-2a8e12c980fd", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:61/72\nFirst Submission:2014-09-06T14:51:22.000000+00:00\nLast Submission:2025-03-18T02:12:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758262", "uuid": "64b3ce5b-d355-4297-a80b-5049d7a5c991", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758262", "to_ids": true, "type": "md5", "uuid": "6579e855-d9f4-4d35-be07-218e484c55ed", "value": "f2be8c6c62be8f459d4bb7c2eb9b9d5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757919", "to_ids": true, "type": "sha1", "uuid": "3c907be8-2618-4421-a433-f9687ab38a8e", "value": "fd8f6f09315f49d60017145032c66de71958dda2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757919", "to_ids": true, "type": "sha256", "uuid": "66465ab6-14cd-4558-b590-8fdf0d3ddfe0", "value": "fbe5dc37b1fd3e5b1dbed0993eb6e10a2882a8aa1967e04ab1f28938c97c0da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751198", "to_ids": true, "type": "ssdeep", "uuid": "081d1ae1-67eb-48c1-be28-a45ed82ae25c", "value": "768:daZ3nb5HGzHGeNlQxKyl/8qP/oV+kaH9IS83MlbfwoSylUxF:8Z3b5HiGOl78/3P/Fkt3MxnSylo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751198", "to_ids": false, "type": "size-in-bytes", "uuid": "10edc56b-de8d-4fe8-8d75-10a0f6cc0c27", "value": "49664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751198", "to_ids": true, "type": "vhash", "uuid": "1884c69c-94c3-4153-89bf-c1d2acae5e3a", "value": "04405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751198", "to_ids": true, "type": "filename", "uuid": "31b9d359-7cf3-465e-8b3d-cfba8beee210", "value": "fd8f6f09315f49d60017145032c66de71958dda2.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751198", "to_ids": false, "type": "text", "uuid": "3310f406-4d4a-4545-98ad-839032f6da55", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:52/73\nFirst Submission:2014-09-23T04:06:48.000000+00:00\nLast Submission:2025-03-13T08:04:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758284", "uuid": "a4daba05-2e08-4c67-a013-03e083f5998a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758284", "to_ids": true, "type": "md5", "uuid": "dc592dc0-635c-4c25-a18b-80ad00f4cbe0", "value": "26a10fa32d0d7216c8946c8d83dd3787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757921", "to_ids": true, "type": "sha1", "uuid": "c6087c72-bd36-4673-95f3-61f61f2dd561", "value": "746d7310888403092111d159dfaf743a457c45a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757921", "to_ids": true, "type": "sha256", "uuid": "347e8669-73d2-4870-9530-9df2b1695c4d", "value": "ae379dc778b90151a10b66aefd254fda839cdf5a801fe993f9ad82833a7e8f9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751220", "to_ids": true, "type": "ssdeep", "uuid": "6404033f-967d-4e24-a09f-31aa24e267e0", "value": "1536:KVmMV5Uk/RycT05NioknHrCkuFIOUU4cZ+yXAjb2p/i:KVBoW06omHrCDUUD+9eNi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751220", "to_ids": false, "type": "size-in-bytes", "uuid": "3ec1cbd2-143f-4a1c-8015-a7339bec3b5f", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751220", "to_ids": true, "type": "vhash", "uuid": "2b177994-44a7-4041-ae71-3ea989b947a2", "value": "06406e751d1e551519z86z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751220", "to_ids": true, "type": "filename", "uuid": "32327494-426d-4922-a3fd-57597dac72cd", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751220", "to_ids": false, "type": "text", "uuid": "bce79f68-127e-43df-9a1d-70ff5a422e01", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:52/73\nFirst Submission:2014-09-12T09:17:57.000000+00:00\nLast Submission:2025-03-13T08:01:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758305", "uuid": "b3b4bad8-5425-46fa-b947-621d760aeb51", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758305", "to_ids": true, "type": "md5", "uuid": "12ec3ce2-2fed-42d4-9d53-e90bb70b6486", "value": "8c51ba91d26dd34cf7a223eaa38bfb03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757922", "to_ids": true, "type": "sha1", "uuid": "9a7af73c-bcaf-4a21-bc57-a882228352d8", "value": "3964024184fa7e8b1c6677e205cbc694c1a2c981", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757922", "to_ids": true, "type": "sha256", "uuid": "3aa4a4f3-4eff-4243-874f-f225cd4f4c92", "value": "980d577d3448477dbfe65316b42f2b970c3972e5b01be9abe7abba3568aa1de7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751242", "to_ids": true, "type": "ssdeep", "uuid": "1a9eb4a3-a58a-443d-bc39-ddc8cd57bc77", "value": "3072:4GYzYiZG3IGosqlf2UdE4t2bJuPCx/Gdu5wMaog5sR8UJSyXs8b9rFo8WrvDwH0A:43G3Irzlf28+JF/6rMaoEybM8Ww" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751242", "to_ids": false, "type": "size-in-bytes", "uuid": "a52f27a0-1ee6-436f-b27a-311ce9faef8b", "value": "175104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751242", "to_ids": true, "type": "vhash", "uuid": "6c76ab8e-5cec-45a9-8b9e-f2232e3bf12a", "value": "0150467555151080105001c00837z37z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751242", "to_ids": true, "type": "filename", "uuid": "7d3d87fe-192b-4cd4-8277-5241f80466c2", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751242", "to_ids": false, "type": "text", "uuid": "13cfd5cc-fb48-4a52-96c2-ab2b5407fc25", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Leonem\nVT Total Detection:64/73\nFirst Submission:2014-09-12T08:02:33.000000+00:00\nLast Submission:2025-03-16T02:17:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758327", "uuid": "72265857-3e29-41e7-b31d-57a8a90d6329", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758327", "to_ids": true, "type": "md5", "uuid": "45bdf209-beec-4ff5-87b0-5889446d88f4", "value": "c69bfd68107ced6e08fa22f72761a869", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757923", "to_ids": true, "type": "sha1", "uuid": "922f75aa-24c3-46c8-951d-8e6f21d4af1d", "value": "cc2e6dbeeb046ce35c755e81b08a0b6aef56e0e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757923", "to_ids": true, "type": "sha256", "uuid": "8e4ff73e-a843-468d-83b1-3f45f46a0e0b", "value": "de2515cb06ef5dcc66c9d585f0b331baa316dc63026cdb99f854c65afa41ee82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751264", "to_ids": true, "type": "ssdeep", "uuid": "fdbb3789-ae79-4a0a-92ba-dd2aa0e9f97f", "value": "768:5H2DVhDbf9XoIfomX0WqygE0T28bLy+f+M7S7dtWCBoJ2BrAwkLuUFNi:NODHKNw4VNLy+l7r9+rBkyUPi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751264", "to_ids": false, "type": "size-in-bytes", "uuid": "b5906fb7-c579-4573-9d6d-e791a16ee78b", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751264", "to_ids": true, "type": "vhash", "uuid": "c8f5a8e7-750b-4b7a-ac3f-0bf43eb7fcb2", "value": "06406e751d1e551519z86z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751264", "to_ids": true, "type": "filename", "uuid": "b2108a74-c066-4f23-a785-c6659abfb5de", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751264", "to_ids": false, "type": "text", "uuid": "72dbfd2f-5a0a-42e9-b8d7-89043e313f36", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:52/73\nFirst Submission:2014-09-12T00:04:09.000000+00:00\nLast Submission:2025-03-13T07:48:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758349", "uuid": "c5f8b90e-9868-433d-b3d9-631435bac6e3", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758349", "to_ids": true, "type": "md5", "uuid": "27f969cb-b21b-448a-938c-1ada7e266bdd", "value": "3cd7b0d0d256d8ff8c962f1155d7ab64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757924", "to_ids": true, "type": "sha1", "uuid": "4ea63d47-bb1a-49d4-a09f-2d83a0ad275f", "value": "f9ef97dfb33685e6f89d3bae607e3cbfa2f901d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757924", "to_ids": true, "type": "sha256", "uuid": "0e201952-f84e-4f01-8d54-8fa86fc92b31", "value": "ea72c79d15fb1b7765d40733a251f8e3b8aeb278cd2bbf429d64921155214b36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751286", "to_ids": true, "type": "ssdeep", "uuid": "96fa333c-ddaf-46b1-b3b3-8ef3374c4235", "value": "3072:EN06zdMYRM5+FskW0lFC1CkzUyFC16qa/wheFGyYBMDZHlH0DCv:aR7w+CkW0OasC1Tw0BQZHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751286", "to_ids": false, "type": "size-in-bytes", "uuid": "81852b2e-966f-413e-bb50-64416ea8528b", "value": "173568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751286", "to_ids": true, "type": "vhash", "uuid": "c8798741-40e3-45db-bd37-857a6ccdbbea", "value": "0150467555151080105001c00837z37z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751286", "to_ids": true, "type": "filename", "uuid": "f6658523-bffb-45cc-9210-bb42395923d3", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751286", "to_ids": false, "type": "text", "uuid": "dde2c562-90b5-4d7e-8c14-4dcea6fc12fb", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:64/73\nFirst Submission:2014-09-14T08:16:59.000000+00:00\nLast Submission:2025-03-13T08:21:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758370", "uuid": "eaccb054-15fb-46c9-92ca-ca2040b606e4", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758370", "to_ids": true, "type": "md5", "uuid": "ccb9b3ed-2790-4d0d-82ba-10ea7aef0fc9", "value": "298b9a6b1093e037e65da31f9ac1a807", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757926", "to_ids": true, "type": "sha1", "uuid": "393be5ba-7a1d-400b-9a5e-688b9759beda", "value": "f0ab570a058e65b300d1d32763f8aa6d7ad50e75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757926", "to_ids": true, "type": "sha256", "uuid": "969e6ab1-5b10-49dd-9b2d-46b846bb381c", "value": "7b0cddedb956097ce88edf9368892d62e4c6986064787588dd498ac713698195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751308", "to_ids": true, "type": "ssdeep", "uuid": "6a011c79-91ac-4798-8301-ade454e9785c", "value": "768:c875XuPMo/h+mkPYtBnMEFJo6EBzrLlrYKmXDrD:cuuPRh+DPYteEo62LloDrD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751308", "to_ids": false, "type": "size-in-bytes", "uuid": "c78842aa-a181-461b-b65d-151754b74f1f", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751308", "to_ids": true, "type": "vhash", "uuid": "5e54e5e8-2be1-4efa-a8ef-43de1703e76f", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751308", "to_ids": true, "type": "filename", "uuid": "ec4c51e5-ee4d-400a-b710-9bc95b013484", "value": "f0ab570a058e65b300d1d32763f8aa6d7ad50e75.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 18/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751308", "to_ids": false, "type": "text", "uuid": "a67d8076-2588-49a4-adfa-b8180dd381f4", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:55/73\nFirst Submission:2015-01-15T07:01:04.000000+00:00\nLast Submission:2025-03-18T02:12:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758392", "uuid": "a5ad4082-c3f3-4082-a59f-d9ac69469076", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758392", "to_ids": true, "type": "md5", "uuid": "085d9d29-3b73-40da-8008-b4b348b82f5a", "value": "d009c50875879bd2aefab3fa1e20be09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757927", "to_ids": true, "type": "sha1", "uuid": "9fe0c88f-b0d4-442b-bc66-ed7a0c5dff68", "value": "4f6fd1651601f1148f25ff06019677b76ddfc30a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757927", "to_ids": true, "type": "sha256", "uuid": "a45774b4-a914-4b85-adb5-e67032fa0541", "value": "dbdbccf9e5b9afcf1eaad145fd26b0006a4852ae3ae4909a2c466a1d4d7ab371", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751330", "to_ids": true, "type": "ssdeep", "uuid": "dcbfe39f-59fd-4f06-9bc1-9cf948f6fc47", "value": "768:6lqmzB9nHMcmpay5+ncezJGPCTgZ7V3toOcMTN:6d9Hn2P588PCTItcMT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751330", "to_ids": false, "type": "size-in-bytes", "uuid": "e1ae5d17-021b-4379-bc56-7eb880141d2e", "value": "34304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751330", "to_ids": true, "type": "vhash", "uuid": "c7de4a40-ab11-43ae-992c-372010546698", "value": "034076651d1e65151c7iz11xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751330", "to_ids": true, "type": "filename", "uuid": "123036d0-3398-4d30-96ad-6cf521c0cd62", "value": "4f6fd1651601f1148f25ff06019677b76ddfc30a.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751330", "to_ids": false, "type": "text", "uuid": "1471b9c1-ce47-4b40-af22-543504ef5c7b", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2014-09-12T15:55:49.000000+00:00\nLast Submission:2025-03-13T07:55:22.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758413", "uuid": "77e04125-6fa3-4517-8492-8bc873626d42", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758413", "to_ids": true, "type": "md5", "uuid": "e367ab6e-86ca-4156-948e-b67984f0895b", "value": "88b3f0ef8c80a333c7f68d9b45472b88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757928", "to_ids": true, "type": "sha1", "uuid": "c6b9bbf5-53a1-43f5-83a1-c0d692547713", "value": "eda20511df801eb17486d5ce241e95ce42cf6b06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757928", "to_ids": true, "type": "sha256", "uuid": "427f1371-ff0e-4933-8ef7-120fffae3d63", "value": "07d714b7ee619c13fa7619fd879f2793cb4f7d80cb23359c0808c31a299acf45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751351", "to_ids": true, "type": "ssdeep", "uuid": "84980988-b279-4080-8811-a988e32b433d", "value": "1536:GfrfDVDCR6hDKthAJ5xp+Fz38kV7L6tuUj8wwywa+eHKTPi:crDVWsktSJ5xIN8G7L6tfdwa+wqi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751351", "to_ids": false, "type": "size-in-bytes", "uuid": "dc598d15-722d-4428-83b2-2c0b15eddf1b", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751351", "to_ids": true, "type": "vhash", "uuid": "f1cc0381-67c4-4a2a-8935-331d5491a956", "value": "06406e751d1e551519z86z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751351", "to_ids": true, "type": "filename", "uuid": "b5065ba5-31fd-4dd2-bc9a-0a5480155b2a", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751351", "to_ids": false, "type": "text", "uuid": "f5241c09-594b-4808-9119-99ee8f27deb2", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-09-16T08:03:17.000000+00:00\nLast Submission:2025-03-13T08:19:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758434", "uuid": "6f9e3995-ae79-4232-9742-7a2eb1b54570", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758434", "to_ids": true, "type": "md5", "uuid": "75b3d953-835e-4a2a-b74e-d0380374bcf0", "value": "17b00de1c61d887b7625642bad9af954", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757930", "to_ids": true, "type": "sha1", "uuid": "9e25d8fe-24ee-4458-9ce9-cbead9f69fb3", "value": "af0a16b1a741dbff390ca82f010607bd0f8bd326", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757930", "to_ids": true, "type": "sha256", "uuid": "eb47665a-742e-431a-af14-86400c6d47c2", "value": "2731d7cfcde172e6dde879f9c26bddaa0d2b1beba9a27680fbd2fa37f9bf12b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751373", "to_ids": true, "type": "ssdeep", "uuid": "f6682655-608a-47b8-bb68-804d71df140e", "value": "3072:sX3/eslCyvoORcAQoChbsytRguQNttqZKQ0vEVe3iIje/zBYvif3CosANfUqYFTb:WGslCr1AQoyFf4Ntth93zj89YafyaB50" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751373", "to_ids": false, "type": "size-in-bytes", "uuid": "43309889-6372-46e9-b522-cea6773fd29f", "value": "173568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751373", "to_ids": true, "type": "vhash", "uuid": "777fc274-6f1b-47f9-bcce-9f1f522ff939", "value": "0150467555151080105001c00837z37z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751373", "to_ids": true, "type": "filename", "uuid": "4072e648-e679-49ab-aa60-c84fc00980e0", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751373", "to_ids": false, "type": "text", "uuid": "53cd9f0d-3af1-449d-a9c8-4ff39733f2b5", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:65/73\nFirst Submission:2014-09-15T12:54:22.000000+00:00\nLast Submission:2026-01-23T16:06:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758456", "uuid": "62dffc78-e110-422d-af3a-40af098e7dcd", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758456", "to_ids": true, "type": "md5", "uuid": "c7793f00-82f7-4dab-ab78-511d2143f451", "value": "27eddda79c79ab226b9b24005e2e9b6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757931", "to_ids": true, "type": "sha1", "uuid": "f5d0e3f4-da07-40fd-8795-0f2fd32d64e2", "value": "bf8671d63ca27f24aa6dc0c1267025c9a2e573b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757931", "to_ids": true, "type": "sha256", "uuid": "c74c07c8-d77b-42de-b06b-97dcd37aa518", "value": "d989eb7be59cef756f40a3b127e042043e871c4477c8cf1b0b619bc4170c6f70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751395", "to_ids": true, "type": "ssdeep", "uuid": "94c9f0e6-10f3-41e4-ac92-4c06be0b01e1", "value": "1536:xjkfnbrvA9aSpTCMe1MPkYK3y1qBZOObewKPi:ZMvvPgTLekkYK3kOb/6i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751395", "to_ids": false, "type": "size-in-bytes", "uuid": "fe05b659-4774-44ba-987a-e4aa1237616b", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751395", "to_ids": true, "type": "vhash", "uuid": "2ff33663-82bf-4c43-9c0a-691d284a4697", "value": "06406e751d1e551519z86z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751395", "to_ids": true, "type": "filename", "uuid": "5ff7f3fb-ab2c-48ee-af8f-ebe689e0bcc3", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751395", "to_ids": false, "type": "text", "uuid": "112e3543-32c4-4807-81e2-9876701c217b", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:60/73\nFirst Submission:2014-09-20T11:46:04.000000+00:00\nLast Submission:2025-03-13T08:04:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758477", "uuid": "12b7e96f-100b-4fe3-837b-6fb3b0d81310", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758477", "to_ids": true, "type": "md5", "uuid": "29e9a380-6ddb-4545-bd4a-256de04bbcd1", "value": "48937e732d0d11e99c68895ac8578374", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757932", "to_ids": true, "type": "sha1", "uuid": "05ec6167-75a6-4f5b-b8e1-d480531cebef", "value": "118206d910f0036357b04c154da8966bcccd31b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757932", "to_ids": true, "type": "sha256", "uuid": "384c8905-4a69-4117-9cc7-8db0fa540c11", "value": "f6a4c241b38226a8ba5cc7a954faef6d7dc0c308534722860d38f7b7aaadad75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751417", "to_ids": true, "type": "ssdeep", "uuid": "d8d55dde-69f6-4dc3-aac7-afb07552d466", "value": "3072:QEdBvPIUtCpzlS21mErA3uou8OGywi6mHmUJIzGX2O/SE7hUa4HFo+pLf6HlH0D8:pn4UtTUmIAU8OOibHmUJC8H7hUa0LCHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751417", "to_ids": false, "type": "size-in-bytes", "uuid": "5b07cfec-3c73-4a91-9caa-4e57e19f4521", "value": "173568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751417", "to_ids": true, "type": "vhash", "uuid": "eed9ccae-4911-4b3d-9b3f-2fe69214cc62", "value": "0150467555151080105001c00837z37z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751417", "to_ids": true, "type": "filename", "uuid": "0f0761b9-1982-4d6e-8c21-70aeb42fb3c1", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751417", "to_ids": false, "type": "text", "uuid": "bef46b1a-ca9c-4f9b-8761-5c63ab89490d", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:67/73\nFirst Submission:2014-09-20T11:56:50.000000+00:00\nLast Submission:2025-03-13T08:00:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758500", "uuid": "e40fff16-c481-4475-91fd-d07f7207682d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758500", "to_ids": true, "type": "md5", "uuid": "38e2b077-baf4-4586-80fe-6e3b4ab45f77", "value": "82418d99339bf9ff69875a649238ac18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757933", "to_ids": true, "type": "sha1", "uuid": "20ac777f-d9ad-446f-99e1-70fff57c7353", "value": "abab02d663872bcdbe2e008441fcd7157c0eb52d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757933", "to_ids": true, "type": "sha256", "uuid": "7361740d-1c13-4814-8070-d9543f155f79", "value": "f8b974cf978a3828aeb9b83fc48645da576e4b90dd47c2b82a46f6c14665a9e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751438", "to_ids": true, "type": "ssdeep", "uuid": "52ffe57e-d9de-4552-8025-5d6095309b9f", "value": "1536:yulKeo8sm8V/k5COPsEKZ1GgoygvH0IDxbY5NVXtTucX8gqnmk3rHDSv:yWKfmmqCrIygvUMMXXMcXXqmkbHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751438", "to_ids": false, "type": "size-in-bytes", "uuid": "b2589f03-7f5d-425e-b7e0-8d2250c708b4", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751438", "to_ids": true, "type": "vhash", "uuid": "a593a825-0559-41dc-9d40-bc3ce1e785df", "value": "074046755d551031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751438", "to_ids": true, "type": "filename", "uuid": "b24d8d8d-8b34-4cb3-a824-0a6b928f2195", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 24/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751438", "to_ids": false, "type": "text", "uuid": "9148b848-d84e-4835-ab76-3bc6c141fd45", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:58/71\nFirst Submission:2013-04-16T20:03:29.000000+00:00\nLast Submission:2025-03-13T08:08:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758521", "uuid": "63d55336-f9d9-4422-be03-f25cdd88ce80", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758521", "to_ids": true, "type": "md5", "uuid": "a23dab1a-9281-4305-8793-ad696da46afa", "value": "f9dcb0638c8c2f979233b29348d18447", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757937", "to_ids": true, "type": "sha1", "uuid": "53c5e215-c6c7-4481-8e8b-45f6feade6e6", "value": "7851587ffd1fc36f4a4b25ba5d23870a0c00a2b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757937", "to_ids": true, "type": "sha256", "uuid": "e19c1741-fa96-42e4-aa3b-898b9d04f7da", "value": "921b5c74e92796ddaa6d110924fb88dc0cf4de173836b021390b0898d72abd3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751460", "to_ids": true, "type": "ssdeep", "uuid": "811b55f0-57e2-43dd-8be4-1c4827b4b232", "value": "768:wJ2D2TC1w763tYJw2X2nT7lR/EymyVLugrpAgXEi1yiyplFoVjqMDVD:Oa2TZsXyA/k6LuglA42fFoVjqMDVD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751460", "to_ids": false, "type": "size-in-bytes", "uuid": "ace46625-ea0a-4e2d-a87f-024abe8b7780", "value": "44672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751460", "to_ids": true, "type": "vhash", "uuid": "430a8ce2-7d6e-4567-93b7-27db3c342065", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751460", "to_ids": true, "type": "filename", "uuid": "5d945117-2ccc-4429-9689-a8b8a9161d18", "value": "7851587ffd1fc36f4a4b25ba5d23870a0c00a2b9.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751460", "to_ids": false, "type": "text", "uuid": "84f687e0-2089-4748-971f-6ec8e278b444", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:54/73\nFirst Submission:2014-11-15T10:26:28.000000+00:00\nLast Submission:2025-03-13T08:12:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758543", "uuid": "1a8ea901-3264-45a5-a9c3-f44547ef43c4", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758543", "to_ids": true, "type": "md5", "uuid": "8187df6a-aa8d-41fc-8c58-162c204079b4", "value": "72372ffac0ee73dc8b6d237878e119c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757938", "to_ids": true, "type": "sha1", "uuid": "9ed92cce-60da-4906-b50a-70a1b33ccf83", "value": "f5b11cc287ac205775ac45c445bdfebf7140f04f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757938", "to_ids": true, "type": "sha256", "uuid": "a8cf9a17-eb49-4332-b4f6-c84c9fb45a97", "value": "fa4bdd546c0f2c97136108e20fd6c6deab9c2291726e95b5de78a9d5b7c1ed97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751482", "to_ids": true, "type": "ssdeep", "uuid": "9c47cee0-5e4d-4e17-b25f-fd7ba59428db", "value": "3072:QvOoH13Z/7s150uswAkG4fZsNbErRkjJE:mOcjs1opt4udy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751482", "to_ids": false, "type": "size-in-bytes", "uuid": "ba48a1b6-3570-4f25-838c-8bc29164d95f", "value": "117248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751482", "to_ids": true, "type": "vhash", "uuid": "b740a32b-d7d7-4be8-8823-2c6de7ab45e4", "value": "01503675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751482", "to_ids": true, "type": "filename", "uuid": "3d257ff1-1752-4074-9cf8-d045a19d24fd", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751482", "to_ids": false, "type": "text", "uuid": "d46f0ba3-60ba-47ae-9c5c-8f455001ec24", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Anaki.A!rfn\nVT Total Detection:62/73\nFirst Submission:2013-12-11T10:29:25.000000+00:00\nLast Submission:2025-03-13T07:48:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758564", "uuid": "36190d03-658e-4fa0-be0c-ec905b98fbd5", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758564", "to_ids": true, "type": "md5", "uuid": "627c6c29-6b64-4952-bf7a-516f96f895cb", "value": "c229a7d86a9e9a970d18c33e560f3dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757939", "to_ids": true, "type": "sha1", "uuid": "894186a2-8b45-42f3-a8b4-ad71dfaf580b", "value": "191761b273d5bbe0e50ed2a43bcfa359d2f21ea4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757939", "to_ids": true, "type": "sha256", "uuid": "e9a7b462-2b72-4861-9db6-1d5741b7f8ad", "value": "7c7e2f62aeb3b9d5b0618a7dd2fb1fad035ef7bf6b5d45014fe2e114f2e92a63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751504", "to_ids": true, "type": "ssdeep", "uuid": "0ac35a8a-dece-464e-84ad-e3c163bbb32b", "value": "768:o0oxTOe844NBJbaXfNJgb0Aukx/1atb04q/+CXp0reFpJC2vmPfL9kFrpzkjWbzi:yH48mTbWwpbJC2voErRkjy8gE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751504", "to_ids": false, "type": "size-in-bytes", "uuid": "ba13b1e1-c370-423a-b1ba-214efd0a85f3", "value": "80384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751504", "to_ids": true, "type": "vhash", "uuid": "c22f7b1d-6a8c-48c3-a947-eeffeff9f640", "value": "0840467555551040104001e00787z37z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751504", "to_ids": true, "type": "filename", "uuid": "b0dc421c-ddac-417a-91e5-1b2f3a7feaa5", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 08/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751504", "to_ids": false, "type": "text", "uuid": "e8e323d8-ba12-44dd-beae-fef17a51932c", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:56/72\nFirst Submission:2014-10-14T19:38:18.000000+00:00\nLast Submission:2025-07-08T00:05:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758585", "uuid": "bf203365-bae2-49ab-ad6a-eb59646e6bf3", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758585", "to_ids": true, "type": "md5", "uuid": "28473af5-6472-41f9-bef8-be2d7da6c653", "value": "ef618bd99411f11d0aa5b67d1173ccdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757941", "to_ids": true, "type": "sha1", "uuid": "89319bbf-8628-45a1-a9c5-8feb9ef885c0", "value": "4d4334ff0545717b3adc165ab6748dce82098d97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757941", "to_ids": true, "type": "sha256", "uuid": "7288b9a3-2fff-4846-abeb-f6138d2bc41b", "value": "09b499278abba205e005982216e375bcdd89632c33b40e9df82e12122fb0d744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751526", "to_ids": true, "type": "ssdeep", "uuid": "6a2d6a08-55bb-4df1-8bfb-60a2ca673bb1", "value": "3072:aeYhQh83ipmfdPSgAJyRfvfWM6zkvcWFRrnErRkjJE:rnh8vfdRLRfHYz4FRrny" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751526", "to_ids": false, "type": "size-in-bytes", "uuid": "86e0a924-b3e1-48e0-a28f-5db5d316361f", "value": "115200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751526", "to_ids": true, "type": "vhash", "uuid": "6495e3d5-c4ef-4146-857f-7ee2c530f310", "value": "0150467555551040104001e00787z37z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751526", "to_ids": true, "type": "filename", "uuid": "b2c8e8c9-784c-4776-b399-da437cde4b7e", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751526", "to_ids": false, "type": "text", "uuid": "97b595d9-5dcb-4f65-b841-28d3b37e47e0", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:64/73\nFirst Submission:2014-10-14T14:51:28.000000+00:00\nLast Submission:2025-03-13T07:48:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758607", "uuid": "948e4ea0-a259-407e-a05e-22531bb799f9", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758607", "to_ids": true, "type": "md5", "uuid": "7dc0f367-b8a0-4b10-8482-5fe8804aca4a", "value": "383c07e3957fd39c3d0557c6df615a1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757942", "to_ids": true, "type": "sha1", "uuid": "c939884b-39ef-4487-b7ec-277814db1300", "value": "07edc44f9b1a2b40e3e766c2fa6907afad0e33fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757942", "to_ids": true, "type": "sha256", "uuid": "1a841a18-dd11-4cac-a362-c7cef48676f1", "value": "8c5c9c964eb86d28e7cee681dcf62a84b7a540e503ed8c4a85b47e5c5b45e7e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751547", "to_ids": true, "type": "ssdeep", "uuid": "d787d367-d8ee-4fbe-94b6-f81d904642bf", "value": "3072:t8qEOgTUl56D1D+DdYtrXpaMciiGNDvV4jpgryWUVwOBHlH0DCl:CqE9TE6xwhsvD6j4cVwUHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751547", "to_ids": false, "type": "size-in-bytes", "uuid": "67739b87-dbd4-4cde-81f5-860039221f1c", "value": "174080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751547", "to_ids": true, "type": "vhash", "uuid": "212f62bb-8819-4afc-b477-3ed3fbd6f195", "value": "0150567555151d0080105001c00837z37z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751547", "to_ids": true, "type": "filename", "uuid": "826b7311-19bd-416a-bdf4-4cf8f94d24d2", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751547", "to_ids": false, "type": "text", "uuid": "50e73469-21b9-4f49-a3c7-a77f3ed287e6", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:56/73\nFirst Submission:2014-10-17T18:12:06.000000+00:00\nLast Submission:2025-03-13T08:13:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758628", "uuid": "87c64257-0cc8-4ff4-9475-c1c4579209a0", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758628", "to_ids": true, "type": "md5", "uuid": "f4629a8a-c5f6-40ab-b148-6223d774b2a1", "value": "105586891deb04ac08d57083bf218f93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757943", "to_ids": true, "type": "sha1", "uuid": "d53d71a8-8eab-4b86-a9f3-79441ee79bb6", "value": "f617912157ec0471bf59a7d5911a84a6a3ee70ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757943", "to_ids": true, "type": "sha256", "uuid": "a9396f9e-178b-4dc0-aaec-69a5585149db", "value": "c5d9613abe764146c8d72e657eb42cf36b3f3ffce44bf4515439b073d6d05096", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751569", "to_ids": true, "type": "ssdeep", "uuid": "f307f4df-d242-4c9c-9b2f-3c4e672ae1b5", "value": "1536:BPV6i4AWx2i0E19pZBXtoZooI2JFPnIPaYlYsjhPi:Bo1tV0GZNWodGJ3+Yspi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751569", "to_ids": false, "type": "size-in-bytes", "uuid": "78cd9d1a-a2be-4485-9d01-533c6e3b52bf", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751569", "to_ids": true, "type": "vhash", "uuid": "c025b6a1-4044-4ead-a6bd-98805d7f55ec", "value": "06406e751d1e551519z86z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751569", "to_ids": true, "type": "filename", "uuid": "72021bf7-dfae-491b-bcb8-82d4e934501c", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751569", "to_ids": false, "type": "text", "uuid": "c6012fdd-2b2d-40a5-bac8-1f1443fe3c4e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-11-04T02:11:14.000000+00:00\nLast Submission:2025-03-13T08:20:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758649", "uuid": "6de6bce0-ab3f-4302-9f50-96c415f52cee", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758649", "to_ids": true, "type": "md5", "uuid": "29f08f94-db49-4cec-a203-1e122db74544", "value": "1deea42a0543ce1beeeeeef1ffb801e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757944", "to_ids": true, "type": "sha1", "uuid": "458acc47-8c53-4133-90c1-0aec6bc9f743", "value": "80a842deb38e252840a881198a3b3dc7869b6840", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757944", "to_ids": true, "type": "sha256", "uuid": "35e42843-a92c-4298-8abc-fbd5b5ac7d23", "value": "84c2a042ade22c41bac982b4427c8ff283b04c9092193f19a5db55b1fcf18b0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751591", "to_ids": true, "type": "ssdeep", "uuid": "b23c8522-4072-44e2-b639-6c47f0525521", "value": "1536:1FS0Dr3KweQEb02kUK3drqog51fss/i+TVP39hNmMNm+z/qnmk3rHDSv:10S3KwG02pKVq/r/i+bhNBbqmkbHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751591", "to_ids": false, "type": "size-in-bytes", "uuid": "24bf2cb7-b3a5-4cdb-95aa-080ff56694ae", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751591", "to_ids": true, "type": "vhash", "uuid": "857ef854-257c-421f-8ba0-40badd2f02e3", "value": "074046755d551031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751591", "to_ids": true, "type": "filename", "uuid": "091fb1a9-b5be-4d5b-9c8b-d35140dbeab7", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751591", "to_ids": false, "type": "text", "uuid": "4c5ff077-c817-4c23-944e-5018cef95c67", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:62/73\nFirst Submission:2013-04-11T09:57:05.000000+00:00\nLast Submission:2025-03-13T07:44:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758671", "uuid": "eb738f64-b5ca-438c-a6ca-5d14dd2dc352", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758671", "to_ids": true, "type": "md5", "uuid": "6ee1a99c-0311-465d-9933-b625ae503084", "value": "7d1e1ec1b1b0a82bd0029e8391b0b530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757946", "to_ids": true, "type": "sha1", "uuid": "ae1dc29e-c364-4b5b-97f8-a125c5dcc510", "value": "5e2a44288e16ef9dbee6e0213a3668f5c476959d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757946", "to_ids": true, "type": "sha256", "uuid": "1c69a6e7-b5e9-4f0e-baea-0dded2f3ad68", "value": "7f00a4c3ececdf18046de203d01b5ffa64488044699a8d2ba38447159a75eb19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751613", "to_ids": true, "type": "ssdeep", "uuid": "7b09a31f-a373-427b-980b-4ed0d6b7dc67", "value": "768:DMNaaD7/r88Rzf0hm3cqhWOZjCVc1MTrSoYTUnWryF8RVyDrD:DEMm8hq4OZ51zoYTzryKRVyDrD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751613", "to_ids": false, "type": "size-in-bytes", "uuid": "09a239f6-5210-4710-b95d-43a9def650b0", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751613", "to_ids": true, "type": "vhash", "uuid": "e465fa7d-1e8d-4d26-ba40-0fb4570ce528", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751613", "to_ids": true, "type": "filename", "uuid": "3da3e9f6-f952-408f-8834-4374336d3f30", "value": "5e2a44288e16ef9dbee6e0213a3668f5c476959d.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751613", "to_ids": false, "type": "text", "uuid": "36930bc6-d640-4861-bce8-378907ee8794", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:61/73\nFirst Submission:2012-03-20T15:10:14.000000+00:00\nLast Submission:2025-03-13T08:23:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758692", "uuid": "83086dcc-edec-4e53-84c2-01d62467d1cb", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758692", "to_ids": true, "type": "md5", "uuid": "eb0c1681-7e4c-4b6d-9e75-273d59c40932", "value": "1f751bf5039f771006b41bdc24bfadd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757946", "to_ids": true, "type": "sha1", "uuid": "f2e797ca-f053-4129-a078-b826e59ba089", "value": "d09c71934ae4a90f4a2bf8a9a22cc8ca709dcfba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757947", "to_ids": true, "type": "sha256", "uuid": "3f4468be-4888-4361-b823-4a7168510f1f", "value": "53a4e313a0d66e118cab97da2325c1f140134ed9764dec23a647fd4284a9c986", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751634", "to_ids": true, "type": "ssdeep", "uuid": "f72b5881-efc0-470b-b1c1-b0cab0fd150e", "value": "768:BhQzXEEvWLq9gWRwGXrbRQmmIGeV61IqjbBq7Q+T1h3DNHD:Bhw046Gw8R+FeK/bBq79h3DNHD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751634", "to_ids": false, "type": "size-in-bytes", "uuid": "b86c9bf8-be5c-43ff-8eeb-be2c6635dc4d", "value": "44416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751634", "to_ids": true, "type": "vhash", "uuid": "617835df-d896-42b0-bb55-1f1bfd9a7da3", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751634", "to_ids": true, "type": "filename", "uuid": "ca575545-99e8-4271-bc2e-a4dcde5ca4d4", "value": "d09c71934ae4a90f4a2bf8a9a22cc8ca709dcfba.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751634", "to_ids": false, "type": "text", "uuid": "a2546870-cf9d-43b0-9bd8-019e3a3b7986", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:59/73\nFirst Submission:2012-01-18T19:17:54.000000+00:00\nLast Submission:2025-03-13T07:48:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758714", "uuid": "fd48b41a-402c-4c01-a965-3ca16cb2c6fe", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758714", "to_ids": true, "type": "md5", "uuid": "729ca37b-6bbc-49ce-b678-1231fe98d3ef", "value": "d10734a4b3682a773e5b6739b86d9b88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757948", "to_ids": true, "type": "sha1", "uuid": "1d62e8cf-e464-4444-b4eb-353c6638fe3a", "value": "80044754fd2fbea6f649cb9e3bf8c7887f463e6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757948", "to_ids": true, "type": "sha256", "uuid": "edce6de2-2f2b-43b4-9860-9bdf523410c8", "value": "850a36a386409ab49e8144e98cef216d6f1ee9a13f704a9f6dac7b3f25caee82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751657", "to_ids": true, "type": "ssdeep", "uuid": "9d7007ef-6224-4609-a1a4-e4474d88b590", "value": "1536:31MRrYox/dhwXN5Gq4V2emMNgqR7O/7Fqnmk3rHDSv:3+coxros2SNgqR7OTFqmkbHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751657", "to_ids": false, "type": "size-in-bytes", "uuid": "69411d45-bbf6-4c4e-8c3e-603577cb1d00", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751657", "to_ids": true, "type": "vhash", "uuid": "5e49dc17-384a-48fd-a1b2-7844d0e7adf0", "value": "074046755d551031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751657", "to_ids": true, "type": "filename", "uuid": "c47eba96-cc0f-4b6f-9cd5-441142e731d3", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751657", "to_ids": false, "type": "text", "uuid": "22d8264d-a15d-49ac-9a03-63118e2fb4ff", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:58/73\nFirst Submission:2012-01-18T19:16:34.000000+00:00\nLast Submission:2025-03-13T08:26:43.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758736", "uuid": "030bd7b2-2350-4b0b-a726-e6822804c29e", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758736", "to_ids": true, "type": "md5", "uuid": "84f8de45-6645-40af-b979-0c6bd6526590", "value": "632bba51133284f9efe91ce126eda12d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757949", "to_ids": true, "type": "sha1", "uuid": "a446964f-b34a-43ab-ab76-6070188897b0", "value": "25b1b3c4e464e5bdec5b8f18160581684dbd282e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757949", "to_ids": true, "type": "sha256", "uuid": "627fc79f-a827-4942-b2d9-89070e770b09", "value": "67e91f77ff18c2969f536f17d577dde1f9be8b5fd91c6a38f3b02b0539ce5550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751678", "to_ids": true, "type": "ssdeep", "uuid": "9f9bf6bc-0036-444c-ab3d-30bafb72b73a", "value": "1536:bOb7723nTkWVH3p7PQCcrLoZvdG4ls39e+bq6pxYnJTG79yj3JIlg7jmqnmk3rHM:bZ3Iip7o7rURTOeuq4YDjmg7jmqmkbHM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751678", "to_ids": false, "type": "size-in-bytes", "uuid": "1e1c1dc0-298c-4c22-931d-c4ff94e7e16c", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751678", "to_ids": true, "type": "vhash", "uuid": "a0d9fa94-7f98-40e4-8786-8f13c0420431", "value": "074046755d551031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751678", "to_ids": true, "type": "filename", "uuid": "64593fe6-2029-4944-9e15-9cff4e1bc0ea", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751678", "to_ids": false, "type": "text", "uuid": "212c4b8d-008d-48f8-afba-e2aa2bdf986b", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:58/73\nFirst Submission:2014-11-10T02:27:14.000000+00:00\nLast Submission:2025-03-15T01:12:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758757", "uuid": "6f7ec2a8-30e9-49e0-8dbe-b3a7613c59f1", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758757", "to_ids": true, "type": "md5", "uuid": "5d99e35a-dc33-4f32-ab38-02ac50bc5947", "value": "a22e08e643ef76648bec55ced182d2fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757950", "to_ids": true, "type": "sha1", "uuid": "20c77d0f-5cc2-404b-a6d3-9969e32d7bef", "value": "4a5f05587ef08ba6a0f97030b6df709ecd4931a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757951", "to_ids": true, "type": "sha256", "uuid": "faf863d2-6a66-4039-8840-264a9d1901cb", "value": "662bf18b8d778bdd8f995e55e404a719862c81a762dfbb3ecc5274c07e80c281", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751700", "to_ids": true, "type": "ssdeep", "uuid": "3f52b18f-65dd-4dc5-aab0-145994f21103", "value": "768:qaNeTBv5a2kGqbQAcseGTafxmrwMg17XGygyyqOGAiH4fGbvwQDVD:ZoqbQAm5mrs1j99ym4fs7DVD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751700", "to_ids": false, "type": "size-in-bytes", "uuid": "9dc32ec9-f877-459f-815d-8c96465505f7", "value": "44672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751700", "to_ids": true, "type": "vhash", "uuid": "a91763a8-548b-4ea7-818a-2c2592c2d92c", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751700", "to_ids": true, "type": "filename", "uuid": "34d6cea4-cc9f-4d4b-bf7f-6b65ab49112b", "value": "4a5f05587ef08ba6a0f97030b6df709ecd4931a3.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 09/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751700", "to_ids": false, "type": "text", "uuid": "6be59ac1-2562-41e9-bbf6-04e74f0ace96", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:58/72\nFirst Submission:2011-03-13T23:48:56.000000+00:00\nLast Submission:2025-03-18T02:12:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758779", "uuid": "3fb72fd2-5517-4bc6-95ae-330ec3aed85d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758779", "to_ids": true, "type": "md5", "uuid": "6d06eaf2-47bd-4e03-9221-e9868669e19b", "value": "04565d1a290d61474510dd728f9b5aae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757951", "to_ids": true, "type": "sha1", "uuid": "2d492559-74cf-4c16-9298-1b2b788e7e40", "value": "a5b21f0dea00c9242486a0f0f5f82264b662a6b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757951", "to_ids": true, "type": "sha256", "uuid": "9e1a8463-5473-41de-ae3c-cb6eb68f7dba", "value": "7ce1808482510162f9ecc52bb0d7c6ea32fa09bec7b4d6ba4cddf756dfa7fbfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751722", "to_ids": true, "type": "ssdeep", "uuid": "a885183b-6b37-4c10-a1d6-19221bcd8e2e", "value": "768:nyUX2e1SaYy4GKXD83h8YlXANnIsU8qbCQANemPgJmcBgz3P50yCW6Itg6713372:nyOfEb8XXEnIV8qOAmPg5aWU6UgQ3e3p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751722", "to_ids": false, "type": "size-in-bytes", "uuid": "995df89e-b8c5-4fd4-a42f-ba20cdc663fe", "value": "44416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751722", "to_ids": true, "type": "vhash", "uuid": "bf5ca76d-0621-4505-a1af-3aa941691e63", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751722", "to_ids": true, "type": "filename", "uuid": "93cf1a53-006a-40d0-ae3a-e9beaac86f6b", "value": "a5b21f0dea00c9242486a0f0f5f82264b662a6b3.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751722", "to_ids": false, "type": "text", "uuid": "39aaf867-b882-44a9-bd50-d3b939c328e2", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:58/73\nFirst Submission:2013-06-29T21:24:27.000000+00:00\nLast Submission:2025-03-13T08:26:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758802", "uuid": "449d3338-b1b2-4b62-9194-d836cfc8382b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758802", "to_ids": true, "type": "md5", "uuid": "1b4a4c61-2ba3-4b76-ba0d-266a45ae212b", "value": "3c1bc5680bf93094c3ffa913c12e528b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757952", "to_ids": true, "type": "sha1", "uuid": "c3c71843-c881-4c66-a229-6d48274b9aef", "value": "35368cfc52c45218db7162a07b1be28743e73102", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757952", "to_ids": true, "type": "sha256", "uuid": "7c7dc664-d489-4668-916f-33b5d01c6eff", "value": "37b6763810a65da19f952801144349cce0330e7a1987e5baa089b0055713c7ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751743", "to_ids": true, "type": "ssdeep", "uuid": "6ff2942b-0eb5-42fa-8686-20840bd5b14d", "value": "768:5WhJF/c/9PN0YZusu7HJCVL2G4/A95e9bYkCLnjgnA4iDVD:aNclPNbc7pCt2L/A94yrP/DVD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751743", "to_ids": false, "type": "size-in-bytes", "uuid": "f84143f0-41a8-4a42-a311-f350bed7417f", "value": "44672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751743", "to_ids": true, "type": "vhash", "uuid": "fb763b26-8055-4943-b530-eee8d3cface6", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751743", "to_ids": true, "type": "filename", "uuid": "52d8c499-0e3d-4707-a0b8-1e46293180c3", "value": "35368cfc52c45218db7162a07b1be28743e73102.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751743", "to_ids": false, "type": "text", "uuid": "0cb9ad9c-3064-4856-acdb-2ad26e3b6551", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:60/73\nFirst Submission:2011-02-17T12:31:52.000000+00:00\nLast Submission:2025-03-13T08:09:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758823", "uuid": "f3ab7757-5515-4da8-8292-009292ec67e5", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758823", "to_ids": true, "type": "md5", "uuid": "d17cde1a-ed39-454f-89c6-73801334d035", "value": "6a03d22a958d3d774ac5437e04361552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757954", "to_ids": true, "type": "sha1", "uuid": "af69c9da-f0f7-4672-914f-8f06260ac498", "value": "688fa57d2dff3cb37c747b6c2d9b32d0fa9011f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757954", "to_ids": true, "type": "sha256", "uuid": "63931034-82f7-4695-b53b-aeb74f2c15fd", "value": "deaccb7d0eb6b2e5f7c61b1afc54b764cc9e42c3b955e4e792713c067673c13f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751766", "to_ids": true, "type": "ssdeep", "uuid": "e6db23b1-c2a3-47c8-b012-b59e18f84b2d", "value": "768:MOE/yDxSaM8YfkzK0uKqniM0d/BAkY9MfhJ2+bHXRXUjLI5E+3DNHD:MOE6FSB8Yz0uKqnbCJAkam7HX5Uh+3Dt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751766", "to_ids": false, "type": "size-in-bytes", "uuid": "468b6789-405e-4f59-9f5a-1afb9e2c9446", "value": "44416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751766", "to_ids": true, "type": "vhash", "uuid": "d75e2ff5-67fb-4010-a625-f9dccb564582", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751766", "to_ids": true, "type": "filename", "uuid": "c60445a4-df80-46e1-af4b-88cb422bf976", "value": "688fa57d2dff3cb37c747b6c2d9b32d0fa9011f1.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751766", "to_ids": false, "type": "text", "uuid": "82989b4d-d93f-4471-b4c6-45906fae0451", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:56/73\nFirst Submission:2012-01-27T15:08:41.000000+00:00\nLast Submission:2025-03-13T08:13:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758845", "uuid": "ab34fd66-933e-4b66-a1c2-bc546aed5662", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758845", "to_ids": true, "type": "md5", "uuid": "719ab748-c6ef-4491-b369-5c85a90877f5", "value": "0217eb80de0e649f199a657aebba73aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757954", "to_ids": true, "type": "sha1", "uuid": "abb7a1e8-fb05-4485-9c6c-e22d866b57f8", "value": "04f0bf703e4b2e322b0670efb392cc0b349d9317", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757954", "to_ids": true, "type": "sha256", "uuid": "e30158c0-48c9-44a3-bb6a-3febe2613492", "value": "85aa90ee802fb970049c866b0c7b1dad168c441f832c67d58fbeb8ffbafc1d39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751788", "to_ids": true, "type": "ssdeep", "uuid": "7f532385-fd0b-4527-a08e-31138c6b78a1", "value": "768:32EvcT868TRqAjRP0AXJkoB2/p87uFg3JqLXvft25hS9GDrD:zvoQ4USoQscOqLXvfEDrD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751788", "to_ids": false, "type": "size-in-bytes", "uuid": "95c37173-84f9-493d-8b1a-5d5f53b47372", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751788", "to_ids": true, "type": "vhash", "uuid": "7b7e055c-ad2a-42ea-b064-7ef690b80da1", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751788", "to_ids": true, "type": "filename", "uuid": "ad4a81e7-988b-4b3b-ac5e-09873f1b1f44", "value": "04f0bf703e4b2e322b0670efb392cc0b349d9317.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751788", "to_ids": false, "type": "text", "uuid": "f2774695-8729-4cd5-a6c0-7a5260249604", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:56/73\nFirst Submission:2013-08-06T23:08:28.000000+00:00\nLast Submission:2025-03-13T08:08:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758866", "uuid": "f7368658-e589-4112-947c-dc366f1cbdbc", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758866", "to_ids": true, "type": "md5", "uuid": "ad4954ae-2d1a-4149-a8ff-2c91a631065d", "value": "f8453697521766d2423469b53a233ca7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757956", "to_ids": true, "type": "sha1", "uuid": "030c2372-055d-4fad-8e20-58733a05ec8d", "value": "c9d3762c87c16e43628b0f1c79ec42d83c1a5851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757956", "to_ids": true, "type": "sha256", "uuid": "0d55f410-eb39-4745-954b-e31500b10dab", "value": "050104122b91c41f0522bb680340ce6438b0a6c33b890021b7d27a29b69f7af7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751831", "to_ids": true, "type": "ssdeep", "uuid": "f3ba9cd3-ffcf-46a2-a079-315c8054ee1e", "value": "768:LHRF6lfdCYQHCG3jZR16h2kd4A+e/E2y+LiGdFeM7ANL6Geb0gxrazlalBZJhDTl:rMBaJT/kB+kEOLtSjL6nvDBD9D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751831", "to_ids": false, "type": "size-in-bytes", "uuid": "de73f3e5-e40c-4fa9-889f-0276fe96759a", "value": "46208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751831", "to_ids": true, "type": "vhash", "uuid": "2fe6fe25-b36d-4c34-befe-bac9e1dbc021", "value": "044046755e5519z56z83xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751831", "to_ids": true, "type": "filename", "uuid": "3ed62b0b-d3bb-4a29-ade5-f7b9244f25c6", "value": "c9d3762c87c16e43628b0f1c79ec42d83c1a5851.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751831", "to_ids": false, "type": "text", "uuid": "3368b755-712a-4927-b15a-c7eae06bdd3a", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:58/73\nFirst Submission:2012-03-20T15:08:06.000000+00:00\nLast Submission:2025-03-13T08:21:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758887", "uuid": "bddb0a69-ec9d-443f-a161-dd787a148448", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758887", "to_ids": true, "type": "md5", "uuid": "b47af866-36d8-4a14-9b10-883abbf00806", "value": "3f9dc60445eceb4d5420bb09b9e03fbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757957", "to_ids": true, "type": "sha1", "uuid": "c2172a69-f307-4ede-87dd-f9b0dea8cddb", "value": "904c6c0372229d1c32d9144374749116dcc6ecf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757957", "to_ids": true, "type": "sha256", "uuid": "2105445f-fba2-4970-8605-05d6ee35e9e5", "value": "72f556c52db37e98b334e3cc05e740be26aeae2abfebc72228e903cedfa0722b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751874", "to_ids": true, "type": "ssdeep", "uuid": "784070d2-bb43-440d-92ca-146b0d942504", "value": "384:LsGANiLLj1onGWMYTWhMBqQvgU4h9Mb7pQpt0zsx32uBuxvf4nWvpOUUFIjBffU9:9LLhKJHg04hiSt0QxmvHpHNskdBoij+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751874", "to_ids": false, "type": "size-in-bytes", "uuid": "83890d9f-83e6-4fb6-878f-a56c1f64bd4d", "value": "33792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751874", "to_ids": true, "type": "vhash", "uuid": "898e3121-86ab-4197-8347-6d02a04febe1", "value": "034076651d1e65151c7iz1yz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751874", "to_ids": true, "type": "filename", "uuid": "472377af-9d9c-4f01-bc5c-b9808e3ab46c", "value": "904c6c0372229d1c32d9144374749116dcc6ecf9.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751874", "to_ids": false, "type": "text", "uuid": "41cf26cc-204a-409e-8a11-7811ff5ebc60", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2010-10-01T03:59:05.000000+00:00\nLast Submission:2025-03-13T08:00:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758909", "uuid": "60579d94-ac5a-4d60-9abc-6edb86be70ea", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758909", "to_ids": true, "type": "md5", "uuid": "7a27a52e-1e54-4589-a5b8-8c6f42ba53c6", "value": "8f459ae20291f2721244465aa6a6f7b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757958", "to_ids": true, "type": "sha1", "uuid": "c47a72ab-5895-4e7c-a7d8-5c7ffadabaa4", "value": "e56e7cf17c40d556b5bca2af3ccd7561e41406e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757958", "to_ids": true, "type": "sha256", "uuid": "ef085c82-3fd8-4282-9d01-aafc9a11206d", "value": "bdae8988c4a4838902bdf794b34d40e6c6af0a76291c3ba02ea2a2c1ca9754a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751896", "to_ids": true, "type": "ssdeep", "uuid": "371d1b0c-6904-4c34-ab57-00cc5c7a644b", "value": "1536:Dj7NPK68p5D1pNxuoGhWwQcg40kq51S4qnmk3H:xPKVjNxuFhQZp5A4qmk3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751896", "to_ids": false, "type": "size-in-bytes", "uuid": "283a1ecb-885c-4be3-ab10-852bdfef42c1", "value": "56866" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751896", "to_ids": true, "type": "vhash", "uuid": "7c7b8bc7-0941-42bd-8d88-7c0976e2841c", "value": "054027755031801004c006f9zfazb303dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751896", "to_ids": true, "type": "filename", "uuid": "52674d7c-e638-4802-bd1b-4eeacf41a3c5", "value": "e56e7cf17c40d556b5bca2af3ccd7561e41406e1.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751896", "to_ids": false, "type": "text", "uuid": "2c6b7af2-64bc-4547-8e1a-4eeced472683", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:57/73\nFirst Submission:2010-11-16T07:52:14.000000+00:00\nLast Submission:2025-03-13T07:49:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758930", "uuid": "67e005b1-4f7f-4a3c-9c45-7e210cbce482", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758930", "to_ids": true, "type": "md5", "uuid": "4f073705-0459-41e9-b2a6-3a6378804ebc", "value": "4b323d4320efa67315a76be2d77a0c83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757959", "to_ids": true, "type": "sha1", "uuid": "1ab80b2d-d4c5-4a73-b5e5-7b09c6fadd9f", "value": "c50fd6812567ea9093223ac02461eac46b2593bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757960", "to_ids": true, "type": "sha256", "uuid": "36a83191-b66e-4abb-91c0-c15e0f3bea44", "value": "37849533992604dc7ffc34ba3a259c6633a023d9201e03abcb5db555b3396213", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751917", "to_ids": true, "type": "ssdeep", "uuid": "7bc7380e-8c76-4957-9781-6a6bce49e9f2", "value": "768:v1LuD4sGgOKYenV/WeeT82Ht3mBg5rssweX7m2G0O8zCXQej8QeB5qIq75:VuD4suKY4V/Weh2Ht3+erVweXyIO8zCJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751917", "to_ids": false, "type": "size-in-bytes", "uuid": "7d16d9fa-a430-4cb0-b38c-a45ff60dc07f", "value": "39424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751917", "to_ids": true, "type": "vhash", "uuid": "91394860-da04-4aba-a933-9069d306fe8a", "value": "134066655d15155c5az1a7z201bz15z15z19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751917", "to_ids": true, "type": "filename", "uuid": "71fd3e64-f9a3-4434-8217-6f76b04306e7", "value": "c50fd6812567ea9093223ac02461eac46b2593bf.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751917", "to_ids": false, "type": "text", "uuid": "a15f3fa0-a4a4-4093-86de-936c68e7dde5", "value": "BlackEnergy2\r\nType Description: Win32 DLL\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/73\nFirst Submission:2012-10-08T17:20:16.000000+00:00\nLast Submission:2025-03-13T07:52:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758952", "uuid": "9993e121-40ad-4b33-93a4-31c43ee76f1e", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758952", "to_ids": true, "type": "md5", "uuid": "6843f73e-977f-4282-af41-cc20ba4241b9", "value": "035848a0e6ad6ee65a25be3483af86f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757961", "to_ids": true, "type": "sha1", "uuid": "0d9c9552-28fe-4808-9a1c-9effb91c27a7", "value": "92ac3a65e527ccae564ec5bd3eae7b7280ae4574", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757961", "to_ids": true, "type": "sha256", "uuid": "9b6a0d5f-d213-4f6d-8ed5-609b03aa850b", "value": "0b1a359f0cabe6f985e91ff645660623833cb9c3a5ea29f2fa14c1c41d491790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751939", "to_ids": true, "type": "ssdeep", "uuid": "6b2e4a95-9930-4982-ab61-5bf2d06adc1b", "value": "1536:KWB/YFoPT0xBywFliAgswJ7g7fP24XLFDxG/NL1t8gE:jdHPgawFli7swC7fP24XhDxGzfE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751939", "to_ids": false, "type": "size-in-bytes", "uuid": "87028f38-3aba-473a-ba53-6030a49f5231", "value": "87040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751939", "to_ids": true, "type": "vhash", "uuid": "612dcde6-a6af-4779-93b9-9529a28a8ccc", "value": "084036755552c1807006100216z18zc3z1051z29z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751939", "to_ids": true, "type": "filename", "uuid": "a2d5448a-a190-4bf1-a0ce-a3ea4cf24555", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 19/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751939", "to_ids": false, "type": "text", "uuid": "a7c2854f-6cc8-4893-beff-3813067724b1", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:MSIL/DataStealer.MK!MSR\nVT Total Detection:60/73\nFirst Submission:2013-02-10T20:32:36.000000+00:00\nLast Submission:2025-03-18T02:12:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758973", "uuid": "537e2c42-b38f-4c72-b8d5-fcfa59cd7176", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758973", "to_ids": true, "type": "md5", "uuid": "5d106d01-16d8-4910-8b13-8d448636b911", "value": "90d8e7a92284789d2e15ded22d34ccc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757962", "to_ids": true, "type": "sha1", "uuid": "3d07ca01-333e-4a28-bed2-8b9dc70f14ad", "value": "351d0b739625508eecc64bb4786553a99e270472", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757962", "to_ids": true, "type": "sha256", "uuid": "650f699d-f524-4741-8b41-d07f8529b992", "value": "58c69aa14f3f48f87de0f0a2e31928dd1eec87c04b0baefcce47508bd82d3ccf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751961", "to_ids": true, "type": "ssdeep", "uuid": "238359d4-a54d-4521-9d96-bbe3abff9f28", "value": "1536:rTbcm5zoSqKNPei/iffWowbVsK+waErRkj28gE:rTbcm5kS32fTwOXErRkjCE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751961", "to_ids": false, "type": "size-in-bytes", "uuid": "ac282162-7951-4147-91cb-c73e2cb250de", "value": "80896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751961", "to_ids": true, "type": "vhash", "uuid": "fb79bc1a-625c-4ab9-b17d-25f7d77a3948", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751961", "to_ids": true, "type": "filename", "uuid": "5081b2eb-ddd2-4571-baeb-15710ce14a3f", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751961", "to_ids": false, "type": "text", "uuid": "b31e0d05-04b9-478e-a558-a085ccbc2837", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Phdet.G\nVT Total Detection:62/73\nFirst Submission:2013-11-28T09:57:34.000000+00:00\nLast Submission:2025-03-13T08:03:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771758995", "uuid": "48705dcc-cc65-4e93-971b-e8a4559366f2", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771758995", "to_ids": true, "type": "md5", "uuid": "f472a40e-084c-419d-aa95-b5535d5203e4", "value": "edb324467f6d36c7f49def27af5953a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757963", "to_ids": true, "type": "sha1", "uuid": "43870481-e73f-4e29-9758-f5833da2010f", "value": "17588fe309c32dec91b0511a421a7db1308df1c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757963", "to_ids": true, "type": "sha256", "uuid": "7c5edf88-f79e-4a90-a8bc-8b503579e828", "value": "3a41d256cc0281ef6c8ab38207141a8b02135dc19083f93c97d0fab436440d90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771751983", "to_ids": true, "type": "ssdeep", "uuid": "3ccaf979-28e4-4cc4-9d54-98a0a5707db5", "value": "1536:PW4Y+72jtmDbqCCUOyfUj6Fl8zJa5Mhz8vA/eErRkjy8gE:fY+72pczCUOy8j6Fozx2ErRkjGE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771751983", "to_ids": false, "type": "size-in-bytes", "uuid": "a8937704-2313-4117-acf6-b493de1cbc8f", "value": "80384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771751983", "to_ids": true, "type": "vhash", "uuid": "8b12a8f3-f452-41cd-b5c9-ac1c45f334ae", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771751983", "to_ids": true, "type": "filename", "uuid": "6b00820b-833b-4619-8240-c65d3797d961", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771751983", "to_ids": false, "type": "text", "uuid": "497a9a9f-3a3c-4f97-8448-08face8fcbb7", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Phdet.G\nVT Total Detection:62/73\nFirst Submission:2014-09-01T12:02:28.000000+00:00\nLast Submission:2025-03-13T08:15:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759016", "uuid": "15cf1706-f337-433f-8449-fae61799a99b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759016", "to_ids": true, "type": "md5", "uuid": "4c9c4b7d-7d0a-4bca-9744-e899f56cd3d8", "value": "c1e7368eda5aa7b09e6812569ebd4242", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757965", "to_ids": true, "type": "sha1", "uuid": "7f5e4e5e-4d59-4478-85aa-e33294eafa2c", "value": "5312e938c1d3e02c7b1fb741e59250944dbcb1a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757965", "to_ids": true, "type": "sha256", "uuid": "55e057fc-6ef1-4ceb-a563-e2f24a03b6d2", "value": "c0ee23f105a825f80e5d6a8962662e6deeca9f08741b529f7fc04da24a106052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752004", "to_ids": true, "type": "ssdeep", "uuid": "0643c6dd-e0ee-4654-97fa-c060885b6251", "value": "1536:gIJXBz3YzBTu7NIyHUsJ3PZuGouVErRkj28gE:gQr6BtypxUgVErRkjCE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752004", "to_ids": false, "type": "size-in-bytes", "uuid": "e8a94a23-f749-4d06-b8f1-70e5a88db87d", "value": "80896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752004", "to_ids": true, "type": "vhash", "uuid": "ebb3271e-17ec-4059-9509-3835b5699797", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752004", "to_ids": true, "type": "filename", "uuid": "5b45c353-3a58-46d1-9cbe-d1c52c0bb91a", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752004", "to_ids": false, "type": "text", "uuid": "c606c69a-5e8f-4262-a58d-0334e755c5c4", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:63/73\nFirst Submission:2013-12-20T18:49:23.000000+00:00\nLast Submission:2025-03-13T08:22:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759037", "uuid": "a995b255-f0fa-4939-a72c-f2870fe095d6", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759037", "to_ids": true, "type": "md5", "uuid": "160a7aa4-0b05-4790-88b1-7db0bfcf9e89", "value": "ec99e82ad8dbf1532b0a5b32c592efdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757966", "to_ids": true, "type": "sha1", "uuid": "99147209-8791-41c9-85ed-ee50b91f02bd", "value": "c0ac447b63755116c4b8fbf8d0e00bf8953d6c77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757966", "to_ids": true, "type": "sha256", "uuid": "d5c0b89f-5a34-44b6-8176-011ba231ec63", "value": "3cbe2ed0b6f9635c1d4ebcb4b3eb580196a24fbd7f95a698253d18a506be12b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752026", "to_ids": true, "type": "ssdeep", "uuid": "475d94f0-be23-4544-874b-ade20f1e0328", "value": "1536:2Ssl6YP/Va3SpvogNfED/Qfi8Ri7BD2ErRkj28gE:qlza389fEjQK8UBSErRkjCE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752026", "to_ids": false, "type": "size-in-bytes", "uuid": "4fd46d1b-8aba-45bb-b24c-02f39711615e", "value": "80896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752026", "to_ids": true, "type": "vhash", "uuid": "d8637080-0885-43de-b286-11ef26062e66", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752026", "to_ids": true, "type": "filename", "uuid": "904d418d-3fb4-423b-8973-d2770edce2db", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752026", "to_ids": false, "type": "text", "uuid": "bd0a1651-2e32-4aad-a2aa-1b093bd2d545", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Phdet.G\nVT Total Detection:62/73\nFirst Submission:2014-01-05T01:33:35.000000+00:00\nLast Submission:2025-03-13T08:26:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759059", "uuid": "608cf69d-c3a4-4bbf-ad8b-87d1562e3eba", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759059", "to_ids": true, "type": "md5", "uuid": "800753fd-41cb-4d36-998a-1c9792f6c2b3", "value": "391b9434379308e242749761f9edda8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757968", "to_ids": true, "type": "sha1", "uuid": "828be7b8-d762-4440-899d-49aec50e00e0", "value": "b9810afb1ff09fcad7af82e8b37f88507df15ef1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757968", "to_ids": true, "type": "sha256", "uuid": "c9253fcb-219a-43d9-a1aa-31e0caa21cbf", "value": "b1227cf22c9353b591e4448478aa5a3d7e96d1578abd51316612fc949492f3e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752048", "to_ids": true, "type": "ssdeep", "uuid": "f0262c07-0087-4e15-a3ff-f2aee6e7e6e6", "value": "768:T+zw1OXc0l1Jkj+OvrMjR0ZjGzNbi9kdowLKMwmRQQ24cC5XrKcn8F:KDZbyqorMjRajGzNbi+dLMMG4ndKc8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752048", "to_ids": false, "type": "size-in-bytes", "uuid": "903ad384-def1-4ee7-8687-6344a5022c05", "value": "43520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752048", "to_ids": true, "type": "vhash", "uuid": "6f9227e4-2b63-44b6-955d-6db42a6958c4", "value": "044046751e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752048", "to_ids": true, "type": "filename", "uuid": "7679530a-f746-40fb-aadf-25e90d51fa79", "value": "b9810afb1ff09fcad7af82e8b37f88507df15ef1.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752048", "to_ids": false, "type": "text", "uuid": "4fb134a9-80fc-4637-87ce-3237a872a1b9", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:56/73\nFirst Submission:2012-07-05T18:17:39.000000+00:00\nLast Submission:2025-03-13T08:21:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759080", "uuid": "88b3c474-b386-485e-bc53-e08b5b0e314f", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759080", "to_ids": true, "type": "md5", "uuid": "bf02566d-7ab0-48d0-9cab-1250d9cde8b6", "value": "1feacbef9d6e9f763590370c53cd6a30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757968", "to_ids": true, "type": "sha1", "uuid": "38bb0cba-d4ec-4f35-b308-3e004e785ca6", "value": "ef565df2248c49a842a8caf35f4f62cdc22a136c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757969", "to_ids": true, "type": "sha256", "uuid": "67f88aa4-dcfd-4b9f-9619-6fe0440aba9d", "value": "1e5a13a42b38e6f7202b3699bcbfeb2b480045965ceda19380022acd0b2b9d96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752111", "to_ids": true, "type": "ssdeep", "uuid": "3b0faf85-5757-4e43-b142-a97c612afdd0", "value": "1536:bPKSH78dYiwKrjL1ynW1WJrZNgABFYs9/mJs8YB6dw:bd6z9jAnW4ZN/isge8YE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752111", "to_ids": false, "type": "size-in-bytes", "uuid": "13067d2c-e358-4a05-a93b-5342212bf700", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752111", "to_ids": true, "type": "vhash", "uuid": "2a0e6658-ffb7-4b79-810b-b48df4daba5f", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752111", "to_ids": true, "type": "filename", "uuid": "8f6c890f-c180-472c-9c60-a3cbd63bce44", "value": "ef565df2248c49a842a8caf35f4f62cdc22a136c.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752111", "to_ids": false, "type": "text", "uuid": "6bcf484e-537d-495a-9300-6963f37861ae", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:59/73\nFirst Submission:2014-02-26T02:02:34.000000+00:00\nLast Submission:2025-03-13T05:52:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759101", "uuid": "6169f465-5843-48a6-ac0c-530dd6430be9", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759101", "to_ids": true, "type": "md5", "uuid": "eae8c00e-fd87-40bc-a0e5-79877910ee7b", "value": "558d0a7232c75e29eaa4c1df8a55f56b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757970", "to_ids": true, "type": "sha1", "uuid": "3527c6b1-aa92-429e-8dbd-b41eba8575da", "value": "34344d0d619588b7d34749dc9c0ad7ce80d6790d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757970", "to_ids": true, "type": "sha256", "uuid": "4e0b75ce-559a-43a3-8aeb-192beddeedb7", "value": "2da7da2d019221c6f420bfb9b74ceb8cd9c5dfb74e8fb294910623440ffb1720", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752154", "to_ids": true, "type": "ssdeep", "uuid": "9a4ecaa7-2936-4f26-bf02-f926b60f160c", "value": "1536:xz/ucDzLi2xqSbipuQ4jtKxH2VK9QErRkj28gE:pWanRxqQAbWK2ErRkjCE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752154", "to_ids": false, "type": "size-in-bytes", "uuid": "a70b294d-3620-431e-9d6a-c1156de12538", "value": "81408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752154", "to_ids": true, "type": "vhash", "uuid": "2fa3d89b-1369-4f36-a080-7fcec188b8c7", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752154", "to_ids": true, "type": "filename", "uuid": "a005ef50-3e16-4fe7-be46-e45c7fe19334", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752154", "to_ids": false, "type": "text", "uuid": "70a899ae-7c46-4238-a1e3-e03dda0cfa16", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:66/73\nFirst Submission:2014-03-24T15:05:38.000000+00:00\nLast Submission:2025-03-13T07:53:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759123", "uuid": "b2c72591-fbc8-47ab-8e4f-327e7dd35f8b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759123", "to_ids": true, "type": "md5", "uuid": "0daa8634-9d6b-4a46-b25a-86664f643a97", "value": "1821351d67a3dce1045be09e88461fe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757971", "to_ids": true, "type": "sha1", "uuid": "d08f75ef-2920-454c-9593-d89225dc0a7c", "value": "4484dfeaa13a21b5b30a1dd866ce7667c74b55d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757971", "to_ids": true, "type": "sha256", "uuid": "b850b436-00c9-4f1e-b524-18e6b8dc01c6", "value": "5d844a35b1b77d57ab4604abb41ceb3c5146df8ab598f26980124dab3d4ab39e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752197", "to_ids": true, "type": "ssdeep", "uuid": "cd52e686-af07-4a4a-bcca-7c65aeb75e3e", "value": "1536:bfY5O5PHZLPkVifIHjbDH6N3x4QirW+ErRkj28gE:bLtZDpfIDbDaN3x0W+ErRkjCE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752197", "to_ids": false, "type": "size-in-bytes", "uuid": "f06efdc4-5905-4779-94d9-429ea370a108", "value": "80896" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752197", "to_ids": true, "type": "vhash", "uuid": "7109c665-555f-4189-a235-5865b9fe44aa", "value": "08403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752197", "to_ids": true, "type": "filename", "uuid": "4fbd5cb6-175a-4e6b-ad5d-48d256aba427", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752197", "to_ids": false, "type": "text", "uuid": "f244ae71-9fef-47ab-b3a5-56faa58169a5", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Phdet.G\nVT Total Detection:63/73\nFirst Submission:2014-04-10T19:36:15.000000+00:00\nLast Submission:2025-03-13T07:49:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759144", "uuid": "95b3c6c5-00a0-4780-ae4f-b4d5305fcf8a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759144", "to_ids": true, "type": "md5", "uuid": "0cf1cc2a-c97c-4153-ac19-4f4a5529ab84", "value": "b1fe41542ff2fcb3aa05ff3c3c6d7d13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757973", "to_ids": true, "type": "sha1", "uuid": "960328dc-176a-4bda-a1c7-e32133540e1a", "value": "4d3f56365fa5196fc7fd9e7c54242d1b5e2a31fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757973", "to_ids": true, "type": "sha256", "uuid": "a99fcaa2-8b93-4eef-808c-ebc1541ae08b", "value": "8d8963aa98203a11b3a6d7772d9f9dce54df6bc33796f0fecb9057571b11635b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752219", "to_ids": true, "type": "ssdeep", "uuid": "7b44ed8b-0286-4554-bf90-64e616ba9f66", "value": "1536:oNhdxsVLnm/8joqlOfLi8joxzjAL0vdFUAkO+XBeiWtDKzDZv:UlsJOTOcKjAgvMAkuYDZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752219", "to_ids": false, "type": "size-in-bytes", "uuid": "723bce31-6a0a-4a4f-ac8e-a523a0abf066", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752219", "to_ids": true, "type": "vhash", "uuid": "2c92831f-9aed-41cb-867c-5e5471db607b", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752219", "to_ids": true, "type": "filename", "uuid": "2602e45d-cc81-4152-85b7-df86c7df2031", "value": "4d3f56365fa5196fc7fd9e7c54242d1b5e2a31fe.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752219", "to_ids": false, "type": "text", "uuid": "9a0441d9-9e6b-4e62-b2e1-2c1aec4382c5", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/73\nFirst Submission:2014-02-26T02:01:27.000000+00:00\nLast Submission:2025-03-13T08:01:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759166", "uuid": "70c04d7d-4f13-46e4-a090-4d1ce3685496", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759166", "to_ids": true, "type": "md5", "uuid": "850ee223-d7bd-40f6-9fba-1bd3bdf4ee1e", "value": "53c5520febbe89c25977d9f45137a114", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757974", "to_ids": true, "type": "sha1", "uuid": "34d4d133-7b5e-4b5d-a59f-c2a86d9b8e09", "value": "093ca8ed50759e49d1b67cbd027293614c70d337", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757974", "to_ids": true, "type": "sha256", "uuid": "504d687e-a80d-45b8-9562-23ff08f2f141", "value": "c8420f2bbcb878259a0d8fa08076148e2425c4ca92554dd3c57ac7200215f44e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752240", "to_ids": true, "type": "ssdeep", "uuid": "464c859a-adf5-413c-8610-481d9a8658cf", "value": "1536:ZHIeId9lBUNsiLglLGk/bQvTkM1xWzIAw:uFvIsVGt4MqzIA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752240", "to_ids": false, "type": "size-in-bytes", "uuid": "a22f5339-0a13-4031-aa86-53df8e31d749", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752240", "to_ids": true, "type": "vhash", "uuid": "96d94649-8b37-45f8-ad8f-926f0263ba94", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752240", "to_ids": true, "type": "filename", "uuid": "81a37776-93d8-4531-98b6-2843aebab19b", "value": "093ca8ed50759e49d1b67cbd027293614c70d337.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752240", "to_ids": false, "type": "text", "uuid": "c4c6bab3-59eb-42c3-8023-1205e7a591f7", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/73\nFirst Submission:2014-02-18T18:13:09.000000+00:00\nLast Submission:2025-03-13T08:00:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759189", "uuid": "2da68294-ec29-4ce6-8821-c6c1d39967cb", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759189", "to_ids": true, "type": "md5", "uuid": "4ea090cf-7613-4233-9c09-84a7f3fceedf", "value": "4513e3e8b5506df268881b132ffdcde1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757975", "to_ids": true, "type": "sha1", "uuid": "69d615a0-b467-424c-8cc4-c8d677207da2", "value": "99c729f29d586ee3379098faa20b87cf5f17579a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757975", "to_ids": true, "type": "sha256", "uuid": "eb92e4b4-2e76-4917-9343-495b6e898cb2", "value": "1a38f7938bce1ea5baffd425bf2b6aff7271f0eeb945d65216a3960fe3ebf78f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752262", "to_ids": true, "type": "ssdeep", "uuid": "12f4765c-4cdd-4d95-b3e6-0fc926c29855", "value": "768:wBghfkbfDc8nfxe0lGTsMewCFgl8UGJKWxAvm2GkO8zCX4or6HdlNTQ6:V8nfxoTsMeHF3JKyAOYO8zCIoElN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752262", "to_ids": false, "type": "size-in-bytes", "uuid": "4ea20636-fda4-470f-8395-021a160eebc1", "value": "39936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752262", "to_ids": true, "type": "vhash", "uuid": "05460fad-45da-47b5-a40b-4a20b1e0672c", "value": "134066655d55155c5bz89z1rz19" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752262", "to_ids": true, "type": "filename", "uuid": "e156a4d2-963a-45e8-bba8-bc064f43a325", "value": "99c729f29d586ee3379098faa20b87cf5f17579a.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752262", "to_ids": false, "type": "text", "uuid": "7a9cd6ff-a971-4fae-84a7-a52d81db80ba", "value": "BlackEnergy2\r\nType Description: Win32 DLL\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-04-05T06:38:18.000000+00:00\nLast Submission:2025-03-13T07:59:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759211", "uuid": "e480d5b1-9459-47d5-9214-0ca98ec012b3", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759211", "to_ids": true, "type": "md5", "uuid": "2d05a685-777f-470d-a108-b332c18a557f", "value": "19ce80e963a5bcb4057ef4f1dd1d4a89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757977", "to_ids": true, "type": "sha1", "uuid": "ae5eab39-88c0-4d1c-bb6b-9066870aa646", "value": "1b5030fb2436c587bf1d57a0a7c0a9da42325e0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757977", "to_ids": true, "type": "sha256", "uuid": "3b464e97-d86e-4659-ac7a-f15807015a17", "value": "a819e910e7b3a7f1ca2c9ce2086345d039825d426d465d8324fd8ca9163800ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752284", "to_ids": true, "type": "ssdeep", "uuid": "3a231863-e06e-439e-a3a2-6a5c4ebc146d", "value": "1536:UXLsRZCbc2n8PFC66wq+R0NKDHoTAJKb4C+sHICQvH0DCAYv:UYRZ+cXPc6zq+RM0oTALD6CH0DCJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752284", "to_ids": false, "type": "size-in-bytes", "uuid": "dde15a60-8dbb-4ed5-9924-3898e44bc2f8", "value": "75264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752284", "to_ids": true, "type": "vhash", "uuid": "e2d34d16-db76-4892-986e-aa2e0625f392", "value": "074046755d551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752284", "to_ids": true, "type": "filename", "uuid": "c8b2f520-3a63-4d22-a75d-8ed2d6155638", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752284", "to_ids": false, "type": "text", "uuid": "001a1393-ec1d-474c-9e4f-791a45a036bd", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Rustock.E\nVT Total Detection:57/73\nFirst Submission:2013-12-19T13:51:58.000000+00:00\nLast Submission:2025-03-13T07:59:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759233", "uuid": "d17f795f-250b-40c4-b0e6-c031e3d05991", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759233", "to_ids": true, "type": "md5", "uuid": "80fa25bb-c9f3-4eba-a47c-eb7157c59143", "value": "9b29903a67dfd6fec33f50e34874b68b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757978", "to_ids": true, "type": "sha1", "uuid": "59c88e54-8ce8-4fb0-8a8a-d1be41b1ea82", "value": "cc71aa8f919911676fb5d775c81afc682e6e3dd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757978", "to_ids": true, "type": "sha256", "uuid": "8deb754c-c59d-4ae0-ba3b-bad9bfc0217a", "value": "951e5623c20d4e9ab158fe105436389dbf61327b2c87b7fb36f8ad3ff5ad9bde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752306", "to_ids": true, "type": "ssdeep", "uuid": "8ffa0004-9404-4910-9eeb-762707d1bde5", "value": "1536:UXLsRZCbc2n8PFC66wq+R0NKDHoTAJKb4C+sHICQvH0DCAYv:UYRZ+cXPc6zq+RM0oTALD6CH0DCJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752306", "to_ids": false, "type": "size-in-bytes", "uuid": "92d00d29-9c91-45c7-8b4e-5fa4993b5f06", "value": "75336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752306", "to_ids": true, "type": "vhash", "uuid": "792710ff-b5fc-417a-96af-11ef65739b98", "value": "074046755d551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752306", "to_ids": true, "type": "filename", "uuid": "139f1703-b314-4750-a4e6-0d2460d0fc5f", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 07/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752306", "to_ids": false, "type": "text", "uuid": "445a9e0d-57ed-467d-9ca7-2264ad0cb0bd", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Rustock.E\nVT Total Detection:63/72\nFirst Submission:2012-07-11T19:14:40.000000+00:00\nLast Submission:2025-03-13T07:44:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759255", "uuid": "dd652020-0232-4b25-8a8d-3890e2dd8f3a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759255", "to_ids": true, "type": "md5", "uuid": "e2b50dba-2214-4c8c-9d7d-8e0c3e16c360", "value": "b637f8b5f39170e7e5ada940141ddb58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757979", "to_ids": true, "type": "sha1", "uuid": "5a7cbce8-9dff-4089-b764-f70d23d42382", "value": "99753d4852619884eefd49362ff732af81e613d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757979", "to_ids": true, "type": "sha256", "uuid": "26b95bb7-ffc7-44be-800b-c406f104743c", "value": "4a0cb0f20dae069d1a0cbb57683fe3870a13f18d64eb4ea096187376105106ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752327", "to_ids": true, "type": "ssdeep", "uuid": "87f06e04-aa04-4942-a1a4-eba6f0103944", "value": "768:XZuVXl2CmNMPPO7G+ddWyDsj9O6pq6bjOeXYP8SNQe2NyqF:pyoM34wAy9ZjRXYESAyq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752327", "to_ids": false, "type": "size-in-bytes", "uuid": "536c0e85-80eb-408a-a4fb-c2c0b28f8e4d", "value": "44032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752327", "to_ids": true, "type": "vhash", "uuid": "b483ac9c-f64f-4c62-94ca-baffb9f21303", "value": "044046751e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752327", "to_ids": true, "type": "filename", "uuid": "89ea6b03-d523-4b38-83bb-8c9531d9e3f5", "value": "99753d4852619884eefd49362ff732af81e613d5.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752327", "to_ids": false, "type": "text", "uuid": "3f70cad0-02c8-4a39-b846-1526defdf36d", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:57/73\nFirst Submission:2012-09-03T13:08:26.000000+00:00\nLast Submission:2025-03-13T08:10:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759276", "uuid": "2f732d01-da7a-4a4d-85c1-9f6340e63333", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759276", "to_ids": true, "type": "md5", "uuid": "6bdcb502-e8a4-4ec9-87e6-228c819cf111", "value": "c09683d23d8a900a848c04bab66310f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757980", "to_ids": true, "type": "sha1", "uuid": "7c4a72b7-388c-407c-a706-dec7f9116d24", "value": "656edb9936ea6fa3e891e37df256f9c040351f74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757981", "to_ids": true, "type": "sha256", "uuid": "98f3d886-244a-4e0c-8b65-f290589a8bb7", "value": "12d68685b7ea3a1ea0c0f89b853f3190aee672e56a47a8602a400416dc4aa1c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752349", "to_ids": true, "type": "ssdeep", "uuid": "4b928846-bbb5-4b02-8399-02433ca18281", "value": "1536:XatqWCQq8xAN6/0VC5En7Q1jtUUe406eQFLTn8kRD2lKKZ1kX58bH0DCAYv:JWhqkAN6/gd8RrL06eQFUkjKZ1kSbH0a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752349", "to_ids": false, "type": "size-in-bytes", "uuid": "54c2124b-a2e3-4f35-9a01-931698fe6465", "value": "75776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752349", "to_ids": true, "type": "vhash", "uuid": "7a2801a1-184a-4774-9d12-01f2faaa2757", "value": "074046755d551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752349", "to_ids": true, "type": "filename", "uuid": "20b061b8-35b2-4f74-93d2-81866ab1b505", "value": "regedt32.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752349", "to_ids": false, "type": "text", "uuid": "19021511-ccae-440a-9c15-ca7cf8a9b07e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:60/73\nFirst Submission:2012-08-14T18:57:16.000000+00:00\nLast Submission:2025-03-13T07:57:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759297", "uuid": "a6902867-e837-4bc0-bebe-436df8e8388b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759297", "to_ids": true, "type": "md5", "uuid": "480cb31b-516d-402b-a903-d69824de64fc", "value": "6d4c2cd95a2b27777539beee307625a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757981", "to_ids": true, "type": "sha1", "uuid": "275538fe-a18d-4908-9d0a-8a4c91beb38c", "value": "edc229599b3ea9f9c76d87c1e488994956a4d194", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757981", "to_ids": true, "type": "sha256", "uuid": "8107308f-80b8-4c57-9e29-eb46a43b42b7", "value": "b2c96b35c4afe0d8244b6a853c4ee3d85d23df514cbcce4d314327d7fea988ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752371", "to_ids": true, "type": "ssdeep", "uuid": "59643d3c-203b-4971-b57d-7f077377a4bd", "value": "768:K86f302NmFAhkackw6kaybtYx//3mIgZIFXmKHykvUzaOZkmqTlG1yFW8477w11F:K8e0jFSkaEVYx/MIFXmKSNa0km9cWpy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752371", "to_ids": false, "type": "size-in-bytes", "uuid": "fc76ceb1-dffb-4856-8eb6-efc35f89b140", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752371", "to_ids": true, "type": "vhash", "uuid": "d95b0a75-6f13-4d79-a501-493d2f2d3640", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752371", "to_ids": true, "type": "filename", "uuid": "9f022758-f675-4698-8f81-aaa4349599f4", "value": "edc229599b3ea9f9c76d87c1e488994956a4d194.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752371", "to_ids": false, "type": "text", "uuid": "c8588ce5-cd52-48c1-aeed-860c96aac8ef", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-04-23T16:15:22.000000+00:00\nLast Submission:2025-03-13T07:51:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759319", "uuid": "eec8951a-2959-431e-a733-3e0d1746074a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759319", "to_ids": true, "type": "md5", "uuid": "60f51402-28bb-4132-9347-b13e5398163e", "value": "e32d5c22e90cf96296870798f9ef3d15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757983", "to_ids": true, "type": "sha1", "uuid": "a0d463fd-efa9-4130-a01b-9d60e953172b", "value": "cb76da24a344a034389dc7f1e81b86e2c2ac7ecc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757983", "to_ids": true, "type": "sha256", "uuid": "aa882884-822d-41cf-9fe1-0e2cb2b12a91", "value": "c3283c6926624a43725bef27d8c0c06765282d872b38518695a62a518b0fa808", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752393", "to_ids": true, "type": "ssdeep", "uuid": "273eca2e-c931-4e58-9062-9679e299c80b", "value": "1536:HWfyeTKZh8OX2Qt8F2zYV52eBBfts/GLF/SK6E:HfeTKEZQ82ze2e/f+/GLlr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752393", "to_ids": false, "type": "size-in-bytes", "uuid": "a1dd062b-867b-416e-b3ff-fde3cb193da4", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752393", "to_ids": true, "type": "vhash", "uuid": "438b4465-1576-41f1-aa8f-cc921687555b", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752393", "to_ids": true, "type": "filename", "uuid": "c634d01e-e583-407b-9406-2f5bf691e203", "value": "cb76da24a344a034389dc7f1e81b86e2c2ac7ecc.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752393", "to_ids": false, "type": "text", "uuid": "ecd82b8f-8d8c-4b5a-959c-4e4a55e5683a", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/73\nFirst Submission:2014-05-05T09:16:26.000000+00:00\nLast Submission:2025-03-13T08:16:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759341", "uuid": "7fce9d22-63b3-48e9-851f-6476ccd52692", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759341", "to_ids": true, "type": "md5", "uuid": "b329fd5f-937d-4abb-b0f1-d6d716e6297c", "value": "64c3ecfd104c0d5b478244fe670809cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757984", "to_ids": true, "type": "sha1", "uuid": "ca6c5031-a916-46e1-85a5-4fb01a92e2da", "value": "056801ce8cfad0b7c758476466a8e492dcfad977", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757984", "to_ids": true, "type": "sha256", "uuid": "e376bc92-6aea-4b2e-947a-eaa85f76d5e4", "value": "11bbd14e7f6a480a43e53e61a0e08bc271401a2d8e6319081296d1953f91bbd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752414", "to_ids": true, "type": "ssdeep", "uuid": "e03f0298-55b2-4e5a-b7ef-f62e0a5bfb19", "value": "3072:4tNuPNrRexCuD0wIN4jXZdbQCj5wdcSfRvcleocRqexQd7FiZz06RUHlH0DCv:2NENrMxCIINaZ5j2ffZcqTxQdRiZzMHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752414", "to_ids": false, "type": "size-in-bytes", "uuid": "3e61f92d-435d-431f-b237-972879f55452", "value": "173056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752414", "to_ids": true, "type": "vhash", "uuid": "6ab1302d-288f-4bce-a8b0-c974c6d1f98b", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752414", "to_ids": true, "type": "filename", "uuid": "77c6b62e-a2f5-4fa0-a64c-87ee66089897", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752414", "to_ids": false, "type": "text", "uuid": "85e84682-d945-4142-9743-f853276eee1e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:62/73\nFirst Submission:2014-05-28T08:51:54.000000+00:00\nLast Submission:2025-03-13T08:26:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759362", "uuid": "1b0c0f8a-de54-45ea-a13d-045c11350ef9", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759362", "to_ids": true, "type": "md5", "uuid": "c8c6f3ea-ba88-4503-99a2-48df5ad7ea99", "value": "b69f09eee3da15e1f8d8e8f76d3a892a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757984", "to_ids": true, "type": "sha1", "uuid": "65a020f9-74fa-41e5-9e4c-42f134d82a2e", "value": "0be32ae6679036e06686dd7a9784f76256059428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757985", "to_ids": true, "type": "sha256", "uuid": "9d2de365-89e3-4505-91b9-c00cd2d9eee9", "value": "aa1da70ed1588f0e055d969603f4378b041b46a4c8b806588883e7365cd68bf6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752436", "to_ids": true, "type": "ssdeep", "uuid": "5da848ca-a891-430f-ae2b-88b6c1bc501c", "value": "1536:F83JzWwEhcZJNBXkdwhZP6ox91nGWQhW7J9XsJ:FSiwECrNydwT9SW78" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752436", "to_ids": false, "type": "size-in-bytes", "uuid": "82efba97-5d76-4fa2-80d7-212155dcf55f", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752436", "to_ids": true, "type": "vhash", "uuid": "b8463637-aebe-4c46-83c4-83711a803b45", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752436", "to_ids": true, "type": "filename", "uuid": "1b4a7f6e-b364-47c2-b5dc-8c7e712732bf", "value": "0be32ae6679036e06686dd7a9784f76256059428.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752436", "to_ids": false, "type": "text", "uuid": "ac5e8683-7cd5-4cda-9a84-d4be0c5da4c0", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-05-28T09:19:39.000000+00:00\nLast Submission:2025-03-13T08:12:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759384", "uuid": "e583e0d4-313d-44b9-8051-91234262e5da", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759384", "to_ids": true, "type": "md5", "uuid": "1e305675-7ebb-4488-b6b8-92d5e90d023f", "value": "294f9e8686a6ab92fb654060c4412edf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757985", "to_ids": true, "type": "sha1", "uuid": "3b675996-f974-4166-816f-37db1420ac94", "value": "9bab8feedc108ea5cf673bb6b27797721553e4ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757985", "to_ids": true, "type": "sha256", "uuid": "c61f1492-d0ac-4472-b185-c931d509317e", "value": "01889009056381568ec13f391dd135e709c7551ad6e212953de4c3d87b9b5679", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752458", "to_ids": true, "type": "ssdeep", "uuid": "909b565e-b12a-44ab-a3d8-4f048d006f07", "value": "3072:f+S4ioeebUhlVq2xs/nKhH3qQuyHexXAKEEDIH3WxG21taut0posnPxzHlH0DCv:f+S4ioee+K2u/nFFMexbEED2mMgeVPxx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752458", "to_ids": false, "type": "size-in-bytes", "uuid": "fae48a3a-344f-4080-93f0-f0bd7548cf98", "value": "173056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752458", "to_ids": true, "type": "vhash", "uuid": "0b5c4ea7-44b0-47bd-a880-586b3c388dd6", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752458", "to_ids": true, "type": "filename", "uuid": "2d34cde4-53a9-4343-b28f-b9f3809f9412", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752458", "to_ids": false, "type": "text", "uuid": "a915231e-534e-4db2-9dda-58d5b86e1a9f", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:63/73\nFirst Submission:2014-05-29T22:02:19.000000+00:00\nLast Submission:2025-03-13T08:14:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759406", "uuid": "d60f8dd0-0929-4db1-a4d5-5651b844f4d8", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759406", "to_ids": true, "type": "md5", "uuid": "e42310eb-1879-493c-b076-0db3f01f93af", "value": "6135bd02103fd3bab05c2d2edf87e80a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757987", "to_ids": true, "type": "sha1", "uuid": "3422abf1-3599-4f69-b5b0-1739e9a969e6", "value": "a488602ac042433e08d7a62cb746bc17724b82a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757987", "to_ids": true, "type": "sha256", "uuid": "e924d9d4-d56d-4c05-9b44-7202fc0fd10a", "value": "4815a20a42ea82a15860bc4ed60965e5147ff071ca0b266c879554462b187945", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752480", "to_ids": true, "type": "ssdeep", "uuid": "90f5dacb-3d99-438a-8bbd-3a6c958f67aa", "value": "1536:1N+IdGmKpt8EXWJTJzWR3rJomtIQvOwD:b+I4gJI3rJoIIQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752480", "to_ids": false, "type": "size-in-bytes", "uuid": "0efe98bb-2193-4c04-8d43-b942e1fb8fc8", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752480", "to_ids": true, "type": "vhash", "uuid": "50e96bda-755d-40e6-aff0-84b87f26e4ca", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752480", "to_ids": true, "type": "filename", "uuid": "d5bbe574-0ed4-4c17-8fbd-f46f5f410ec1", "value": "a488602ac042433e08d7a62cb746bc17724b82a2.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752480", "to_ids": false, "type": "text", "uuid": "f6bb181e-fb20-483b-8e27-b07c2b5c3426", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-06-12T18:50:28.000000+00:00\nLast Submission:2025-03-13T07:44:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759428", "uuid": "4ee85056-6337-49e5-8ba8-38132fcd0d4d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759428", "to_ids": true, "type": "md5", "uuid": "bac192f3-6ec1-47cc-9d24-6f24578e112e", "value": "b973daa1510b6d8e4adea3fb7af05870", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757988", "to_ids": true, "type": "sha1", "uuid": "763bea43-0d92-4cd6-aefc-bc1587081946", "value": "767bf89ba05ed6280efffe374cc5c2cfcb5ec6ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757988", "to_ids": true, "type": "sha256", "uuid": "f424e50c-f24d-4eb3-9e94-c508969f09eb", "value": "136633e712ac52a0a5e0e7235f28efcd536eb929b700b07da1dedc422686d8e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752501", "to_ids": true, "type": "ssdeep", "uuid": "818d0789-d8bf-439a-86da-c1a1f8f4c9fa", "value": "768:umCWaJ8bkK7gmn2munI1MEUYpjt9ivGEDCuPi+9/AL/f0kje5I6cyGWKuUF:Tlafh0R5bix7iYUskje5ey3JU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752501", "to_ids": false, "type": "size-in-bytes", "uuid": "7ac0ec30-730c-4d09-b534-d61bc33f5809", "value": "59904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752501", "to_ids": true, "type": "vhash", "uuid": "99c6ee74-5c25-4dbf-a2d6-b65612b9bb2f", "value": "05405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752501", "to_ids": true, "type": "filename", "uuid": "9f96e285-f166-4db0-83a2-a5d9d7aaeec3", "value": "767bf89ba05ed6280efffe374cc5c2cfcb5ec6ae.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752501", "to_ids": false, "type": "text", "uuid": "c8f5b165-2fa4-4c4f-925c-a5b6ea42d5b2", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-06-15T00:25:38.000000+00:00\nLast Submission:2025-03-13T08:27:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759449", "uuid": "946cb1dd-b825-43c4-ac2f-7c8cfede55c3", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759449", "to_ids": true, "type": "md5", "uuid": "69c131f6-c5f4-4d50-8754-3bb76fa1900f", "value": "8dce09a2b2b25fcf2400cffb044e56b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757990", "to_ids": true, "type": "sha1", "uuid": "0fc47bff-4229-4770-921b-c7d1e81dcedd", "value": "7d8a32b27dc8031cc145395447489fb2d70f596e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757990", "to_ids": true, "type": "sha256", "uuid": "18c9734c-c6a8-4b44-b00e-b81da6dffa39", "value": "389250c8f67988fbc9582fac0b184b7a133b1723a1464438e6e0cdd4826d686d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752523", "to_ids": true, "type": "ssdeep", "uuid": "3971e2de-a66c-4b11-bd07-6ca91c222c73", "value": "1536:b8xPojJq6LtMduKI0YuaJYGviHV9Pw9H5Jm3/ou:TBqRIruUYGveH4p5Jmvo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752523", "to_ids": false, "type": "size-in-bytes", "uuid": "8aa0143a-3591-416b-b0e7-a768278cf9e6", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752523", "to_ids": true, "type": "vhash", "uuid": "5998d2f6-659e-499e-aec2-834e8a430d01", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752523", "to_ids": true, "type": "filename", "uuid": "9ac7cb29-0078-4df7-8cab-6d9575468abd", "value": "7d8a32b27dc8031cc145395447489fb2d70f596e.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752523", "to_ids": false, "type": "text", "uuid": "128b5ef1-1ca3-4880-8ffe-ac402125f4cb", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-06-02T08:58:15.000000+00:00\nLast Submission:2025-03-13T08:12:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759471", "uuid": "23a7a10e-0234-4a47-bb09-654a12bc8a37", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759471", "to_ids": true, "type": "md5", "uuid": "55ef1da8-e83d-4176-b136-4e380e636003", "value": "6008f85d63f690bb1bfc678e4dc05f97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757990", "to_ids": true, "type": "sha1", "uuid": "ec35faf2-0bb8-4489-9dac-349bd43909a2", "value": "65ac2c368750043d95e89e37d0dad88a97309179", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757991", "to_ids": true, "type": "sha256", "uuid": "60ed3eca-e159-4665-b901-dfab72eac2b8", "value": "c73b990c0deaf828d7100269ac3f8567a4d946ce9b893d8f617700a194981cf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752545", "to_ids": true, "type": "ssdeep", "uuid": "0a585cc7-fac6-46ef-b36c-fa4e4486eaac", "value": "1536:ht2T68q65GPk8MW9CdMSMvPXzNZHoqDnBWDsl9:3d8q7h9C4PXzbIn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752545", "to_ids": false, "type": "size-in-bytes", "uuid": "f92d70db-d4c4-42bd-86ae-f15e56fec110", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752545", "to_ids": true, "type": "vhash", "uuid": "292fa76b-f1f3-4682-9872-e1d9c90e74e5", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752545", "to_ids": true, "type": "filename", "uuid": "aa9ada29-3b3f-44ff-b80e-911e231420c5", "value": "65ac2c368750043d95e89e37d0dad88a97309179.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752545", "to_ids": false, "type": "text", "uuid": "08616987-ba65-464f-8f04-b0e890c851bb", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:52/73\nFirst Submission:2014-06-07T08:52:42.000000+00:00\nLast Submission:2025-03-13T07:41:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759492", "uuid": "9474fadd-0e9b-47a7-8e8f-248ddafb39d6", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759492", "to_ids": true, "type": "md5", "uuid": "6eb2682e-cf2e-4d99-a8b6-74d09275384d", "value": "1bf8434e6f6e201f10849f1a4a9a12a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757991", "to_ids": true, "type": "sha1", "uuid": "1cb723da-8962-45f7-8f24-c8ef9bc9c9a4", "value": "1393c02af628df072df5cd2c287c1e2981a5f28a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757991", "to_ids": true, "type": "sha256", "uuid": "6b865c73-707a-4b7f-8526-671c34436991", "value": "0b2394831048e0048563efa6c79fded88d3c4443a01be99d284b54ead0b8228d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752566", "to_ids": true, "type": "ssdeep", "uuid": "6b7eff7f-c02e-41d9-b2d0-fbc04aac788e", "value": "1536:Zuq3wll0IYuMgwfkM9qiLBZ9pUh2I7kysEXp:Zuqgll0juMbkW3LBlU/r" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752566", "to_ids": false, "type": "size-in-bytes", "uuid": "322547fc-b0b9-4492-8e90-47350f9295d6", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752566", "to_ids": true, "type": "vhash", "uuid": "4619b798-311c-40f0-86d0-82ae8d918f3d", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752566", "to_ids": true, "type": "filename", "uuid": "eaa39d4b-5f06-487e-891e-db41704526ba", "value": "1393c02af628df072df5cd2c287c1e2981a5f28a.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752566", "to_ids": false, "type": "text", "uuid": "cea0927b-9eb1-4e6a-bcd7-89b55fa6bc2f", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/72\nFirst Submission:2014-06-07T09:30:15.000000+00:00\nLast Submission:2025-03-13T08:14:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759513", "uuid": "85d53c84-dafc-4a1e-a75e-f398fde10e12", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759513", "to_ids": true, "type": "md5", "uuid": "4a7b3736-0e88-48b5-af4e-02a39c8700c5", "value": "6cac1a8ba79f327d0ad3f4cc5a839aa1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757992", "to_ids": true, "type": "sha1", "uuid": "8c6144d7-4cae-46e5-8c49-6e712b47fb8d", "value": "bf9937489cb268f974d3527e877575b4fbb07cb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757992", "to_ids": true, "type": "sha256", "uuid": "6e97c51d-a802-43a0-959e-c836706cb610", "value": "d841d9092239fc029b10da01c19868749b0f6bd757926ff04674658468495808", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752588", "to_ids": true, "type": "ssdeep", "uuid": "f164e906-843a-4db3-8541-c5d7f5c9de7f", "value": "3072:vkIlIZXu6bGIsQQOsNXgn5NdcY21kfvHe3VtUzXWzz8fAw4YCGYHlH0DCv:vRIMImHNX4s1kfPgqGzgRsHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752588", "to_ids": false, "type": "size-in-bytes", "uuid": "6078b6a0-9d81-4731-81b3-a27a24e45945", "value": "173056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752588", "to_ids": true, "type": "vhash", "uuid": "3e483940-5997-464a-b81d-8864988430cf", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752588", "to_ids": true, "type": "filename", "uuid": "c5e6c7b9-1dea-48b1-b1fd-97b83dcca011", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752588", "to_ids": false, "type": "text", "uuid": "2acdc1d8-3d79-4fd1-baa1-520daff5adcb", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:54/73\nFirst Submission:2014-06-04T18:20:12.000000+00:00\nLast Submission:2025-03-13T08:02:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759535", "uuid": "7b513ca7-fcfe-4d58-a6f7-080984865388", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759535", "to_ids": true, "type": "md5", "uuid": "f8d3b636-d9d2-40d6-9713-73829ed69c6b", "value": "462860910526904ef8334ee17acbbbe5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757994", "to_ids": true, "type": "sha1", "uuid": "368c5359-97a7-411e-a308-e6e9c97e00d3", "value": "26b9816b3f9e2f350cc92ef4c30a097c6fec7798", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757994", "to_ids": true, "type": "sha256", "uuid": "496a5fd0-2115-4106-a4e6-24cb837b4c79", "value": "e791718c0141e3829608142fb0f0d35c9af270f78ae0b72fce2edd07a9684568", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752610", "to_ids": true, "type": "ssdeep", "uuid": "dd5385f5-0e62-4ec9-9084-d01327add3be", "value": "1536:KTUjDnv37xf4patQDfexEtyxb7Ld0tDb0SuyeC:7H37SpLDWg2b7Lyt30Suy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752610", "to_ids": false, "type": "size-in-bytes", "uuid": "c9005841-6c7d-4342-b8ef-294109d02260", "value": "60416" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752610", "to_ids": true, "type": "vhash", "uuid": "14259cf3-e67c-4c99-9b29-b41c4b36718a", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752610", "to_ids": true, "type": "filename", "uuid": "59e7218b-ac6f-43c5-84f0-36b126386425", "value": "26b9816b3f9e2f350cc92ef4c30a097c6fec7798.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 19/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752610", "to_ids": false, "type": "text", "uuid": "da401a30-51ae-400f-9e2a-2a3dbafaa748", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:61/72\nFirst Submission:2014-06-04T12:48:15.000000+00:00\nLast Submission:2025-03-13T08:08:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759557", "uuid": "30a4fe08-2f67-4074-94d5-5c8d3ef7545f", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759557", "to_ids": true, "type": "md5", "uuid": "78a8558b-839a-4bd8-a9f5-bbe1ee7d1376", "value": "eeec7c4a99fdfb0ef99be9007f069ba8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757995", "to_ids": true, "type": "sha1", "uuid": "e4629723-6e18-41a9-b239-6fbfa3929115", "value": "be4911310f6d982380b303aacc8cb0e6058907d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757995", "to_ids": true, "type": "sha256", "uuid": "3e92dd4e-e55c-48e9-a998-2d0a8743131e", "value": "745c4d1e183c0000c4a971c87ad6d839105a1d19847983863165bfb6bc25e7d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752631", "to_ids": true, "type": "ssdeep", "uuid": "26486018-a798-46cc-9f65-5c996371d771", "value": "3072:ZU2g71QocMVgY2liQEHkO9vMARjfTw+LaeBa1yHlH0DCv:ZU2xo5wliPrvZRjjLaegQHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752631", "to_ids": false, "type": "size-in-bytes", "uuid": "a9b2a4ae-484b-442e-ba82-e9642b1d68d3", "value": "173056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752631", "to_ids": true, "type": "vhash", "uuid": "894bbd10-9fae-4b37-9e74-e2dcd1bcf675", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752631", "to_ids": true, "type": "filename", "uuid": "8393f50f-7363-466b-8ecb-b1a7931ae687", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752631", "to_ids": false, "type": "text", "uuid": "ecadcc5b-06d3-4c81-a0fe-ffacc03e9157", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:61/73\nFirst Submission:2014-06-02T08:44:55.000000+00:00\nLast Submission:2025-03-13T07:49:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759578", "uuid": "551cbd96-2020-42db-b4b7-c299c957a655", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759578", "to_ids": true, "type": "md5", "uuid": "6e25e5bc-d589-42a7-a352-3b547adf36b8", "value": "6bbc54fb91a1d1df51d2af379c3b1102", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757996", "to_ids": true, "type": "sha1", "uuid": "9dec1d5e-edc1-42a2-b7db-e5fa14896b75", "value": "3ec233ec4c5fa33f356592a538f2718a770bab73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757996", "to_ids": true, "type": "sha256", "uuid": "aa636429-ac41-4e78-9f30-156a349264ca", "value": "1219480835cd4d2a18d4be98efc7bb1b3426a0e49b604aa9e5b77e2a0bd54449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752653", "to_ids": true, "type": "ssdeep", "uuid": "dd05a3cd-b9b3-4e7a-8b96-82cac4c54836", "value": "1536:rl3oE+1gVNpX/5mUpcl64yHyPJ4bE/c078iRsj7X:rhqg5XIUpIku4bE3Hsj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752653", "to_ids": false, "type": "size-in-bytes", "uuid": "e350c5a1-dc2c-45aa-98c2-c489dc4922e1", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752653", "to_ids": true, "type": "vhash", "uuid": "9ee18755-4a78-4882-afb8-82c942824d6d", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752653", "to_ids": true, "type": "filename", "uuid": "cb1b4c4e-ebe7-4667-8ab0-f8ea7be27ae8", "value": "3ec233ec4c5fa33f356592a538f2718a770bab73.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752653", "to_ids": false, "type": "text", "uuid": "ea1bc07a-e710-4f89-a3f1-7a4d81a09739", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2014-06-12T09:16:09.000000+00:00\nLast Submission:2025-03-13T08:26:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759600", "uuid": "3af04243-2038-4926-9671-42c3957c809c", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759600", "to_ids": true, "type": "md5", "uuid": "38ae08a1-d8ba-40d2-9b11-053f753fff86", "value": "8b152fc5885cb4629f802543993f32a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757998", "to_ids": true, "type": "sha1", "uuid": "aa9c2898-5d95-489b-bde2-7175197a9f13", "value": "441cfbaba1dfd58ce03792ef74d183529e8e0104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757998", "to_ids": true, "type": "sha256", "uuid": "8503eb4d-2ddc-43de-9c1c-299a34f7ea16", "value": "af62f29ac01e8335bf41c02c1460ebafcbaf94956b1001f7d515eecf63cea4f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752675", "to_ids": true, "type": "ssdeep", "uuid": "20f360c8-b887-4198-9abf-b3fe02589497", "value": "768:CFbYK2Ong32/xsNioSGJbu/pswy+7mh2posc/8+yPoleYa+9gqjTfL9kFrpzkjWy:gb0WgG/xo/8WaHAle7eErRkjy8gE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752675", "to_ids": false, "type": "size-in-bytes", "uuid": "54c7a5d9-68bc-4c4a-9888-487fb755004d", "value": "79872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752675", "to_ids": true, "type": "vhash", "uuid": "79808f63-c86d-4e6d-bf39-1b3f46f9a894", "value": "07403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752675", "to_ids": true, "type": "filename", "uuid": "dc98b9cf-996c-442d-92eb-2ec53a743400", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752675", "to_ids": false, "type": "text", "uuid": "4b38dc4d-cbc6-472a-9aea-e2c7ce763828", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:63/73\nFirst Submission:2014-06-11T09:41:59.000000+00:00\nLast Submission:2025-03-13T08:22:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759621", "uuid": "f048b4d9-95d7-4e00-ad9b-66b7c4008f66", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759621", "to_ids": true, "type": "md5", "uuid": "e6a1af70-5b8a-43bb-b67c-79e6f4abaf99", "value": "6d1187f554040a072982ab4e6b329d14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771757999", "to_ids": true, "type": "sha1", "uuid": "099a0dad-7885-4cf3-a596-b617d1d8a9fe", "value": "6e5e05e740de56b239deddecf7262dc830ae3545", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771757999", "to_ids": true, "type": "sha256", "uuid": "45c7719a-0df5-4340-8317-50af55938ba3", "value": "d097ef2ea698dcd4f705f5fa00e54bb94598d5d48a9fa7b7a33879cc72332065", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752696", "to_ids": true, "type": "ssdeep", "uuid": "23fc868b-0d06-45ab-8bfe-028f8d69789a", "value": "3072:t6Es1ZQvnl8EgbOncwCLXY//trpcEuzsFnpC4KNuDB4zPcXjdkcgU42YpWzDQH05:ps4d3n9CLXo/DqzupC4Q5zUXjKc54aY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752696", "to_ids": false, "type": "size-in-bytes", "uuid": "932a1a44-051a-406f-badb-6e05a47dd341", "value": "175616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752696", "to_ids": true, "type": "vhash", "uuid": "f46185d0-eb5d-4c38-abf6-c40fcade7c88", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752696", "to_ids": true, "type": "filename", "uuid": "7d86d8b6-96a4-4177-921e-cfdfb39dba84", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752696", "to_ids": false, "type": "text", "uuid": "2f136b13-b306-4448-ac87-084bd78fc869", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:60/73\nFirst Submission:2014-06-07T09:28:03.000000+00:00\nLast Submission:2025-03-13T08:02:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759643", "uuid": "88214d69-628c-4146-b141-4036472015d4", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759643", "to_ids": true, "type": "md5", "uuid": "1bc4b801-24ea-4304-a90c-e00e163f4f8d", "value": "3bfe642e752263a1e2fe22cbb243de57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758000", "to_ids": true, "type": "sha1", "uuid": "812e2ffd-03a0-44de-957c-cb19499bd6d9", "value": "790ef0a42f91d319bf4b494bd9856c28290aa463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758001", "to_ids": true, "type": "sha256", "uuid": "920646fc-7907-4b08-b67a-da81cd1e6aa8", "value": "d78452f174fe8226051accf04fadbfc53c8ba460e2730d947fc6097c3ccacccf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752718", "to_ids": true, "type": "ssdeep", "uuid": "72f98860-47f8-45e5-97ff-4251943fbcd8", "value": "768:r9FKhhGAj16cbNnwfX9pdO1QRK3rvhoXxZMLwR1H9PVFYgP7QfakXuclVs2eqcOr:Bk7jNZw/9bSkZYwzHlfbUBXuOV9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752718", "to_ids": false, "type": "size-in-bytes", "uuid": "45647cb5-8765-45f3-ad75-b146324e4bf8", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752718", "to_ids": true, "type": "vhash", "uuid": "56e11b3d-3df1-4a19-9e1a-8c1e635eb7df", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752718", "to_ids": true, "type": "filename", "uuid": "e52aa4ad-387d-47d5-8643-fc734c470bb3", "value": "790ef0a42f91d319bf4b494bd9856c28290aa463.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752718", "to_ids": false, "type": "text", "uuid": "1c5e9b0b-6312-4731-aed7-a7c8b04e3190", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-06-19T11:21:30.000000+00:00\nLast Submission:2025-03-13T08:25:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759664", "uuid": "54b1ba51-ce6f-4250-be35-ea354212493d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759664", "to_ids": true, "type": "md5", "uuid": "9b99fa62-4756-44dd-af6d-9ef213a86f89", "value": "c629933d129c5290403e9fce8d713797", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758002", "to_ids": true, "type": "sha1", "uuid": "07053d4e-9ab8-41b2-b965-5a79553f7fda", "value": "cff4e193aa447d98ada7bb8a6334da41932f33a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758002", "to_ids": true, "type": "sha256", "uuid": "1944b2f0-7a97-4fce-a8bc-791c9cd9b74f", "value": "7509e80fcf3d9168ea8a7171d127290907b2d42dc765367bce5893fa7b38579b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752740", "to_ids": true, "type": "ssdeep", "uuid": "620aabe1-391e-4b46-b652-8a459d8ef944", "value": "1536:B24APjMsXgJ58mL2yejl/LCnangmxnr2Qh:YjpXgJ+mL2dzCnAgmxr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752740", "to_ids": false, "type": "size-in-bytes", "uuid": "feb107ea-efa0-4cf6-b645-c2ee918136e4", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752740", "to_ids": true, "type": "vhash", "uuid": "2e652f66-5722-4187-b0e8-2fdc73a4fa72", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752740", "to_ids": true, "type": "filename", "uuid": "3d17db44-4cb9-479f-bc8d-cc8ca5b5ab1d", "value": "cff4e193aa447d98ada7bb8a6334da41932f33a8.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752740", "to_ids": false, "type": "text", "uuid": "73a51994-380a-48c9-9579-6685b0bdbfd7", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-06-26T08:43:41.000000+00:00\nLast Submission:2025-03-13T07:45:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759686", "uuid": "00310270-68d7-458b-9121-77819cbb06bf", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759686", "to_ids": true, "type": "md5", "uuid": "1d511ce7-55c6-44c6-bbc1-fc3cb5380545", "value": "1c62b3d0eb64b1511e0151aa6edce484", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758003", "to_ids": true, "type": "sha1", "uuid": "f1caaf7c-0989-415c-8e24-0681b5ac067d", "value": "de90575a9b1f5ef906401a0a712419b541d9a1b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758003", "to_ids": true, "type": "sha256", "uuid": "0b8e5c1d-e355-4981-b826-82e27a6013a8", "value": "32e41ca3b60b104026a1c22c621e690b37a7284030c13082881765458c2aa53e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752761", "to_ids": true, "type": "ssdeep", "uuid": "05f55505-3963-4635-81be-70a668ba1f4f", "value": "1536:u27s+bnpmm7aUhP9BWMFxQ2zbmuohhD9:RnpmmmUhP9cF2zbm3hh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752761", "to_ids": false, "type": "size-in-bytes", "uuid": "5aecf240-87fb-45b0-a82a-def3aebb9a19", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752761", "to_ids": true, "type": "vhash", "uuid": "617300f0-2d40-428d-b6cd-b594f7dbce7a", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752761", "to_ids": true, "type": "filename", "uuid": "8b7a0200-dc9f-443f-992f-e6cce12a3e29", "value": "de90575a9b1f5ef906401a0a712419b541d9a1b4.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752761", "to_ids": false, "type": "text", "uuid": "c58ea157-6ef1-4326-b102-9828b3b1ff7c", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2014-06-26T09:30:19.000000+00:00\nLast Submission:2025-03-13T08:06:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759708", "uuid": "8f989299-53f4-4990-a1e5-8c0594a7a0ce", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759708", "to_ids": true, "type": "md5", "uuid": "03aecd75-5e24-45b0-b6c5-0d0f23531da9", "value": "811fcbadd31bccf4268653f9668c1540", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758005", "to_ids": true, "type": "sha1", "uuid": "ed8a8a96-ff66-436a-a913-e3d7d588348c", "value": "9bff205f57e77d25d8ce6a91eac18d3c03a9160c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758005", "to_ids": true, "type": "sha256", "uuid": "43b3f704-cf4d-4388-98df-2deddde09d99", "value": "a05a37822e4ef3d123b5d52c0a91e5231b3bad463be4f6b8f0fdcc2e1597b2e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752783", "to_ids": true, "type": "ssdeep", "uuid": "2c8c9901-f18f-4362-ae97-8f725542bb18", "value": "1536:R202VgRNS2LrXbkJB5kTD0NQwD4Ym28gXcSeUlR:cR6DdXQJMkD4JlG7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752783", "to_ids": false, "type": "size-in-bytes", "uuid": "a874f608-682f-4cf5-a535-bcbbe26a46b0", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752783", "to_ids": true, "type": "vhash", "uuid": "ccd22dcc-9916-43ea-9b87-9bf1aef5372e", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752783", "to_ids": true, "type": "filename", "uuid": "6f098a5c-8aa2-4683-b1d9-6dbc1cb54f02", "value": "9bff205f57e77d25d8ce6a91eac18d3c03a9160c.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752783", "to_ids": false, "type": "text", "uuid": "8b9f32cb-8c3d-4c8f-9e3e-ad877fd9a1b9", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:57/73\nFirst Submission:2014-06-27T06:24:04.000000+00:00\nLast Submission:2025-03-13T07:59:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759731", "uuid": "c04e9456-de96-4d86-a6fd-915961f56fda", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759731", "to_ids": true, "type": "md5", "uuid": "e328e485-5944-48fc-9fc3-2fa7effefe78", "value": "0a89949a3a933f944d0ce4c0a0c57735", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758006", "to_ids": true, "type": "sha1", "uuid": "e76f59e6-56f7-4ac7-a54e-336ff12feb23", "value": "8c3be150b36e38dd187b95b397f7a8ff83105d72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758006", "to_ids": true, "type": "sha256", "uuid": "4ec7882b-7c5e-41cc-82c1-6af9fbc37be3", "value": "13f560adc7133aaa2b7bf4c0d4a9712425569b2932714f8fa740f875de9eef67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752805", "to_ids": true, "type": "ssdeep", "uuid": "22bd5a8c-0d54-468b-bd8a-5a0b33d6ac37", "value": "1536:oY+au5r0Ow2csfmyNUQ2HhBUW5sDmOat1qmUzQT8lw0Re6:8aor9HUQMheWROs1D5b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752805", "to_ids": false, "type": "size-in-bytes", "uuid": "86a139af-c2e7-4540-a6a3-e9d7df1d284a", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752805", "to_ids": true, "type": "vhash", "uuid": "7e04e1ee-c022-4f24-8869-0b5198b34e4e", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752805", "to_ids": true, "type": "filename", "uuid": "b131a859-1599-4954-bd5c-3b0ac8db67cf", "value": "8c3be150b36e38dd187b95b397f7a8ff83105d72.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752805", "to_ids": false, "type": "text", "uuid": "c5d539a1-ac84-4a8a-ba1b-fd13a54f8d14", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-06-27T14:01:21.000000+00:00\nLast Submission:2025-03-14T00:39:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759753", "uuid": "ac35dc6a-7b18-4adc-8527-691518aae208", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759753", "to_ids": true, "type": "md5", "uuid": "43b9f5c6-ad67-4627-937f-59854fa04926", "value": "a0f594802fbeb5851ba40095f7d3dbd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758007", "to_ids": true, "type": "sha1", "uuid": "6615f406-c03b-4522-a715-bed2369b199f", "value": "4babafbf304763da3ab5e7c8d74d3c179d8920d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758007", "to_ids": true, "type": "sha256", "uuid": "0c5b6994-5f85-4a66-9cef-24d5579c6ff2", "value": "ad54349c5489e4eac227fd15eedeedc1dc80011980e649d6df99a434d60e7095", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752826", "to_ids": true, "type": "ssdeep", "uuid": "f1abbe65-596a-4e58-ba05-c01f72b2b9db", "value": "6144:2pu0YSLIFj406QbxCtahh05zxtLahCJ3471/Fs3n+EF:muDSLYj4PQbxhhOzKiI71/FaV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752826", "to_ids": false, "type": "size-in-bytes", "uuid": "aa2a2faf-7817-4a0c-932e-11ce2ac54bdc", "value": "257024" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752826", "to_ids": true, "type": "vhash", "uuid": "dc97cc6d-2381-4cfa-bcdf-e31a9c356668", "value": "02505e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752826", "to_ids": true, "type": "filename", "uuid": "81d9d48e-0538-4c86-917a-bd8977b28555", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752826", "to_ids": false, "type": "text", "uuid": "da170d90-97f3-415a-8e3a-2b175fa78582", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:54/73\nFirst Submission:2014-08-22T08:07:41.000000+00:00\nLast Submission:2025-03-13T08:22:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759775", "uuid": "c23ac713-5d43-4aa6-9039-0460b4787710", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759775", "to_ids": true, "type": "md5", "uuid": "f4c34695-2013-418a-94d4-92d1993d30b4", "value": "bf6ce6d90535022fb6c95ac9dafcb5a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758008", "to_ids": true, "type": "sha1", "uuid": "4c5a4e64-bd91-425a-8821-411ec4b1b2ff", "value": "7416f39a184fbc4b5d6679a05f51b41a65445a03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758008", "to_ids": true, "type": "sha256", "uuid": "7571ae48-6215-4cd6-8318-528f5f46a769", "value": "50b143becdd7f7d129ba5aec4213319bd245b4eb91576f9854886794c27b066e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771752848", "to_ids": true, "type": "ssdeep", "uuid": "0d35488a-9240-4313-bd3b-78e0a603b897", "value": "12288:dE3NnB5U6MqLGchYvidTWhTBoKMLOtQsVtDg3Q/7IvJaYjrxcLsIMFCD5fZx7:dWe6zY60FoKMLOtQwt1zmYLTMux7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771752848", "to_ids": false, "type": "size-in-bytes", "uuid": "9bef5eca-7aad-405f-b804-26681395cdf3", "value": "650752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771752848", "to_ids": true, "type": "vhash", "uuid": "146b0ce0-a647-42d5-8e3f-36aa9f8a4d47", "value": "06503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771752848", "to_ids": true, "type": "filename", "uuid": "cefba55e-ed83-4754-8e34-85bf91b8d3b5", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771752848", "to_ids": false, "type": "text", "uuid": "ab4fa625-3a5a-43c9-8b55-1475b733f384", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:51/71\nFirst Submission:2014-08-13T14:20:36.000000+00:00\nLast Submission:2025-03-13T07:49:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759797", "uuid": "15c5dea4-a15e-42e4-829d-5ead06436fe9", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759797", "to_ids": true, "type": "md5", "uuid": "59afa6e1-99f1-4e6d-957b-7898eda4a0fc", "value": "3122353bdd756626f2dc95ed3254f8bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758009", "to_ids": true, "type": "sha1", "uuid": "2bd5d87f-567a-4d7b-b848-8e70f2b807d5", "value": "0542bbd2435a577a3b22b762faba2d08329a4e22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758010", "to_ids": true, "type": "sha256", "uuid": "96081b2c-ccba-443e-9d96-473c00d39292", "value": "171fd6cc278b5cfa55f29476512fd50a05fcd5c539e2e3689ca3c124c8cb43e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753018", "to_ids": true, "type": "ssdeep", "uuid": "bd87cfb8-4c57-4d1f-a2da-9029d16dd99f", "value": "3072:3SVf75/znZ3BpN7vYNYx2wlQWnhGIqw8FbfhPMoD5mIo7e0emypwEDQH0DCC:s9DZnN7qYxUWnhFH83t4Ioq0em9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753018", "to_ids": false, "type": "size-in-bytes", "uuid": "09526782-7fcb-4ffa-a35a-5d1d8b79cabe", "value": "175104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753018", "to_ids": true, "type": "vhash", "uuid": "01451e41-9f43-4e76-a951-a6ae47206d9f", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753018", "to_ids": true, "type": "filename", "uuid": "9fc8c255-452c-45f1-b031-c17c0e8cbb35", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753018", "to_ids": false, "type": "text", "uuid": "66002524-7548-4730-a0b3-83ccab5ad392", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Meredrop\nVT Total Detection:59/73\nFirst Submission:2015-09-06T08:23:20.000000+00:00\nLast Submission:2025-03-13T07:44:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759818", "uuid": "4a663aeb-f016-48f0-89e8-f62f3609747f", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759818", "to_ids": true, "type": "md5", "uuid": "cfc3cb99-b7e3-4952-9187-2459b046f879", "value": "d2c7bf274edb2045bc5662e559a33942", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758010", "to_ids": true, "type": "sha1", "uuid": "9ccb8719-f9a6-402b-b49b-78026051a32a", "value": "99dafafa2b013aa150638453a91c9da9a14737f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758010", "to_ids": true, "type": "sha256", "uuid": "36227981-1c75-4a07-9541-20d2b02c63ab", "value": "cc10fb76409f84f8f69e9f996f7dda5413db745a93c8a7283e6e440e2613bece", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753060", "to_ids": true, "type": "ssdeep", "uuid": "78389b39-2720-43ba-8b59-44944f66b7cf", "value": "1536:i24APjMsXgJ58mL2yejl/LCnangmxnr2Qh:ZjpXgJ+mL2dzCnAgmxr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753060", "to_ids": false, "type": "size-in-bytes", "uuid": "91065da1-7a41-47bc-ba9d-6e4d2a3df130", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753060", "to_ids": true, "type": "vhash", "uuid": "a068e3c4-5576-41e5-8a34-ae57c7243a57", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753060", "to_ids": true, "type": "filename", "uuid": "dc60ee03-8426-4586-aa26-57294aa5e8e2", "value": "99dafafa2b013aa150638453a91c9da9a14737f4.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753060", "to_ids": false, "type": "text", "uuid": "8dea4f4e-da74-419e-8e20-35465b1ca42e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:56/73\nFirst Submission:2014-07-14T06:54:16.000000+00:00\nLast Submission:2025-03-13T08:03:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759840", "uuid": "7bfdd72c-1c57-4992-979d-6ab31175d709", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759840", "to_ids": true, "type": "md5", "uuid": "105da713-0755-41bd-bc72-fbf42c74528f", "value": "ac1a265be63be7122b94c63aabcc9a66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758011", "to_ids": true, "type": "sha1", "uuid": "1cbb8138-82d5-4b3f-8037-611f5a3d17ef", "value": "983cfcf3aaaeff1ad82eb70f77088ad6ccedee77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758011", "to_ids": true, "type": "sha256", "uuid": "e65efe02-48b7-4bcd-ba33-d24e46153013", "value": "ccc92ca0c01d44e85e8855b80e7ccda0bd02a5fd3218810330f71cce04e4c8fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753082", "to_ids": true, "type": "ssdeep", "uuid": "f5fcd2d2-8761-4aaf-bea6-cbfe3c910649", "value": "3072:ijlMgKM3lcEk9+nPukEMfOZDQlDXY+qP2YGH67PxnoMdXYfKJkXHlH0DCv:iQUcTAn2klTlD++niZn9ibHl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753082", "to_ids": false, "type": "size-in-bytes", "uuid": "b3d7db65-6a8d-4925-a8eb-37c1c37c9fab", "value": "172544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753082", "to_ids": true, "type": "vhash", "uuid": "99e689ae-ec93-46ce-80fa-f75dcaf48c39", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753082", "to_ids": true, "type": "filename", "uuid": "f3a02fe2-442e-47af-a820-aa715b976107", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753082", "to_ids": false, "type": "text", "uuid": "1b926159-b291-4398-9168-ea5b599916a2", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:62/72\nFirst Submission:2014-07-19T03:04:14.000000+00:00\nLast Submission:2025-03-13T08:20:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759862", "uuid": "840bc273-e384-4a7b-a8de-132693cfb466", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759862", "to_ids": true, "type": "md5", "uuid": "da9e7afc-3154-4d54-a89f-deb9e430d25d", "value": "38b6ad30940ddfe684dad7a10aea1d82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758012", "to_ids": true, "type": "sha1", "uuid": "cc93cd6a-a7a4-4f3c-a56f-82913a83ccf5", "value": "ef1f2bb0147df5bc821a33519d7b6305da629371", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758012", "to_ids": true, "type": "sha256", "uuid": "19b11e04-5b29-4383-9284-f56fe857d91f", "value": "660a4e74254940a2fcc42df2258de453d469c0a8e0bdbe33ebaa743e49d19c73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753147", "to_ids": true, "type": "ssdeep", "uuid": "1703bf2a-524a-4490-b89e-6cfec41da9a0", "value": "3072:3XjDGNJR+d1onKXDUMkwmyNBXXOsrRhCxRcx6N7oR6FPF+08OkDnyDQH0DCC:njDaR+3oqDUMrmmNXOIhCxt7oR6cDnh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753147", "to_ids": false, "type": "size-in-bytes", "uuid": "23bcbca2-05f8-45ca-9e75-a7bbab03ed90", "value": "174080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753147", "to_ids": true, "type": "vhash", "uuid": "dfbef4d6-afe3-4e6d-8f15-471e32449ce7", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753147", "to_ids": true, "type": "filename", "uuid": "716cf969-ad95-40ee-87ef-f237a454bae5", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753147", "to_ids": false, "type": "text", "uuid": "39b3170a-de32-479a-aba4-5f8a993c6a0f", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.T\nVT Total Detection:61/73\nFirst Submission:2013-11-20T16:27:02.000000+00:00\nLast Submission:2025-03-13T08:11:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759883", "uuid": "eea69d50-b6c4-459d-8a8c-56c5d2bc50d0", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759883", "to_ids": true, "type": "md5", "uuid": "b338ad33-0db9-4f19-93a6-702a6f9b2356", "value": "f190cda937984779b87169f35e459c3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758014", "to_ids": true, "type": "sha1", "uuid": "8da5142e-d0ca-4473-b5f9-10ff5b192337", "value": "d040af1b15449cb8ed935f720112bb9ffddf7279", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758014", "to_ids": true, "type": "sha256", "uuid": "f3422dc2-7ba7-4086-bcf1-4e4840419dc0", "value": "e14018d68b3f233f043de12c4c3a445313e4e1daa55758e6087c9c2c7ae3d819", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753169", "to_ids": true, "type": "ssdeep", "uuid": "22100f26-710b-4e64-8486-8fc9362a3514", "value": "768:jQpHUFrl2XBLgayScYpsuMKzYbh10D+9oDpviuUkavf7rAMFF:jQVUtlmyrYyuAcD+WXUNVF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753169", "to_ids": false, "type": "size-in-bytes", "uuid": "ef93a4bc-fdc0-4c8b-a4e3-d4da2fc4e152", "value": "49664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753169", "to_ids": true, "type": "vhash", "uuid": "ff9294ea-4a9b-4553-9501-cc105cceb86b", "value": "04405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753169", "to_ids": true, "type": "filename", "uuid": "9c806700-18da-4800-af7c-ff546a454ddd", "value": "d040af1b15449cb8ed935f720112bb9ffddf7279.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 17/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753169", "to_ids": false, "type": "text", "uuid": "fc3ced76-5f1c-4103-99b3-e06cc65649be", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:WinNT/Phdet.A\nVT Total Detection:55/73\nFirst Submission:2013-06-25T13:10:20.000000+00:00\nLast Submission:2025-03-17T13:38:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759904", "uuid": "84902364-5b36-4ca5-8c9f-1d173eb20ece", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759904", "to_ids": true, "type": "md5", "uuid": "cdde7c5b-d41a-448d-ba91-3906d133b1e7", "value": "bc95b3d795a0c28ea4f57eafcab8b5bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758015", "to_ids": true, "type": "sha1", "uuid": "eddb63ee-2b1c-42eb-99a0-a2f787cd75e7", "value": "c0325df3240654f2385d206fb2427a50f6a7fa53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758015", "to_ids": true, "type": "sha256", "uuid": "9405a219-61d0-4aad-bcaa-7eef7779b12d", "value": "7b20a9f5edb06e8a9dbdd707c6550093085ac6d173b4b4e4d07801fc5c04d04e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753212", "to_ids": true, "type": "ssdeep", "uuid": "13f33d16-e27a-42d7-907d-5fbf74f56f9b", "value": "1536:A24APjMsXgJ58mL2yejl/LCnangmxnr2Qh:/jpXgJ+mL2dzCnAgmxr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753212", "to_ids": false, "type": "size-in-bytes", "uuid": "4176efb6-b243-4457-8ce0-6f621374278c", "value": "73728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753212", "to_ids": true, "type": "vhash", "uuid": "7ab6c0e8-abe6-4589-9d1f-039be165a0ec", "value": "074054751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753212", "to_ids": true, "type": "filename", "uuid": "9496443f-cc47-4aab-8244-85c019daf6a6", "value": "c0325df3240654f2385d206fb2427a50f6a7fa53.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753212", "to_ids": false, "type": "text", "uuid": "7f7f8eac-3af3-4ddf-9eb1-b9e3cef7d90b", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Blakken!mclg\nVT Total Detection:55/73\nFirst Submission:2014-07-14T06:54:07.000000+00:00\nLast Submission:2025-03-13T07:41:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759926", "uuid": "8dddc299-1a00-4dbe-a19f-53ed3fe6b785", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759926", "to_ids": true, "type": "md5", "uuid": "f8c1792a-9028-487f-a0b9-e69745e612ea", "value": "d387a5e232ed08966381eb2515caa8e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758016", "to_ids": true, "type": "sha1", "uuid": "f165ad5f-011a-4c76-ad37-19ff91624765", "value": "8ce5930a9c41a1d3d4c58ab8962e2c7e26971b4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758016", "to_ids": true, "type": "sha256", "uuid": "285e0968-b06c-4d53-9c5a-1599581dc584", "value": "c401950ba46297b83b0d23a27a6163ee8568f4f4d0f06f31797a6c468b75c8eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753254", "to_ids": true, "type": "ssdeep", "uuid": "fa0529d5-b8e9-4f1e-a23a-c0e1e89a3aec", "value": "768:2Gz0icDA6oHuVOBnryS5rWswroObXd9AQwt3cGAqB4QrB8hkPWlU9G1nZ5q9l/yY:260i9HZCUObXA3cYtBmNo6I9ByFPi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753254", "to_ids": false, "type": "size-in-bytes", "uuid": "565b8c73-ebc7-45a9-a0f8-9ec0c3fdebe0", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753254", "to_ids": true, "type": "vhash", "uuid": "150346d1-ba7e-470e-bef2-7ed3eced9ecc", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753254", "to_ids": true, "type": "filename", "uuid": "f948cabc-6586-4710-8068-86b4a6fa5f0b", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753254", "to_ids": false, "type": "text", "uuid": "6509af07-28a8-4009-b9e7-e9580c03909d", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-07-25T20:07:22.000000+00:00\nLast Submission:2025-03-13T08:03:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759947", "uuid": "9a81d3f5-943e-4a33-beb8-7c0b6cb204df", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759947", "to_ids": true, "type": "md5", "uuid": "6ddc28ae-92bc-4949-bb6f-712807bce180", "value": "f4b9eb3ddcab6fd5d88d188bc682d21d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758017", "to_ids": true, "type": "sha1", "uuid": "9fe1d70d-04e7-4532-a016-6ec67a04ce57", "value": "efa0613da2d60843c2dd3aa399519eeca179a739", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758017", "to_ids": true, "type": "sha256", "uuid": "c8d64185-5358-418b-9673-dc1851e2b4da", "value": "40436e69c06c2450c4723cb68e1d8fa2ae4701c6e11b0c566c7fbbe6cdb9cd1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753277", "to_ids": true, "type": "ssdeep", "uuid": "b69eb4a1-1ad2-4eaa-bb31-4268d9ca5262", "value": "1536:S2CHWMQqvL9hrWja22dMjOfqPO/49/YdUPi:oNLPrWu222ylii" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753277", "to_ids": false, "type": "size-in-bytes", "uuid": "5e369028-fa8b-4d32-8b6a-0f41d1faf19c", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753277", "to_ids": true, "type": "vhash", "uuid": "424321f6-2326-46f2-bed9-e00e98fbee4b", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753277", "to_ids": true, "type": "filename", "uuid": "3749ae68-dcd0-4294-b383-4fcb0f887be2", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753277", "to_ids": false, "type": "text", "uuid": "b3614c08-9f86-4ee4-b41e-1abb438876a9", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:55/73\nFirst Submission:2014-09-09T05:20:59.000000+00:00\nLast Submission:2025-03-13T08:15:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759968", "uuid": "16cbf886-747b-4e72-90a6-c280f83f97a2", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759968", "to_ids": true, "type": "md5", "uuid": "a863a8c4-51aa-4294-b617-7207385a9044", "value": "8e42fd3f9d5aac43d69ca740feb38f97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758019", "to_ids": true, "type": "sha1", "uuid": "b542b324-8fd8-46c3-8bf3-88fcf6a4b4ec", "value": "2040b3e9c3e359757ae5b957fd592d0dd3c80e06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758019", "to_ids": true, "type": "sha256", "uuid": "f06b534f-edcf-4411-8d70-13b15f71c1ee", "value": "846eee2cffede8626145a95bc7a721c9fe36a3a9d65646357593ecbf9801a30d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753299", "to_ids": true, "type": "ssdeep", "uuid": "2659f331-abde-4913-809b-102e46922f90", "value": "3072:ddtKeTZd7JKIsofIh1ZyCHoXIhp7ibxXuza+M9IURkIusXfGvDQH0DCP:7zrzfgIYhoYza+fakbU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753299", "to_ids": false, "type": "size-in-bytes", "uuid": "1657dc46-457b-4ae8-80bc-fd3e8fafe355", "value": "174080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753299", "to_ids": true, "type": "vhash", "uuid": "5578eeb5-b3c8-4cb4-9717-4775ff6c593b", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753299", "to_ids": true, "type": "filename", "uuid": "af158e54-acc6-47ca-bc67-a7875c521716", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753299", "to_ids": false, "type": "text", "uuid": "7fbdfe46-4d8d-4c32-b201-e2980251f0d8", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win32/Phdet.A\nVT Total Detection:61/73\nFirst Submission:2014-08-03T15:10:19.000000+00:00\nLast Submission:2025-03-16T02:17:48.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771759990", "uuid": "e885e811-af2d-48d5-9d30-d56f6de19334", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771759990", "to_ids": true, "type": "md5", "uuid": "1d9232d3-cf46-47f1-b81c-77387ce69261", "value": "a43e8ddecfa8f3c603162a30406d5365", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758020", "to_ids": true, "type": "sha1", "uuid": "875a0d84-1e76-4b43-9235-55d67e3aba68", "value": "95dce8c19e723ef549116d0fd91f65c2f31e4270", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758020", "to_ids": true, "type": "sha256", "uuid": "35feab55-3352-4c06-ae83-8d35a41373e0", "value": "a30479247e3a958f352a2ecae1591d95d19c46f00f400a3284306bebc7721da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753321", "to_ids": true, "type": "ssdeep", "uuid": "d32cbdbb-3379-491d-8887-1fa6749eb994", "value": "1536:kcZ0niTdJAu5xURSiwcIovBKPohErRkjy8gE:kned60xURfwcIoJ7hErRkjGE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753321", "to_ids": false, "type": "size-in-bytes", "uuid": "d7b35fe1-24b8-4a94-94d6-4bd6c755ec72", "value": "79872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753321", "to_ids": true, "type": "vhash", "uuid": "8d576c71-e689-463e-b0cf-36dab1191210", "value": "07403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753321", "to_ids": true, "type": "filename", "uuid": "97ec41eb-03d1-4636-88eb-b3897178abcf", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753321", "to_ids": false, "type": "text", "uuid": "b75cf45f-c4cc-431d-9693-3ef854588abc", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:62/73\nFirst Submission:2014-08-23T09:19:46.000000+00:00\nLast Submission:2025-03-13T07:58:13.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760011", "uuid": "409cfcf4-91f8-4a53-9deb-30b7c2e82e32", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760011", "to_ids": true, "type": "md5", "uuid": "85574551-edcd-48af-bfc5-175d466698ed", "value": "ea7dd992062d2f22166c1fca1a4981a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758021", "to_ids": true, "type": "sha1", "uuid": "7e1879bf-629a-487a-bd44-dc10d2346f71", "value": "35831cc1ac397e22d78cc996dc73558c4cec9ba2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758021", "to_ids": true, "type": "sha256", "uuid": "564a4bcd-f6c5-4d5f-999e-b1e01c2cd096", "value": "532b414d26a7a3796766d4aa742cfb445e73b9c9f9671220158ce9e103195a74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753342", "to_ids": true, "type": "ssdeep", "uuid": "be746d94-a0a5-4c8c-a51f-9b32f39257c6", "value": "1536:Fsuq0ddf6CA0yKma4e8VOaytCuk97ZBuEzaCqU8Pi:euzdf6CA0ePVBqC/97tzaCqPi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753342", "to_ids": false, "type": "size-in-bytes", "uuid": "5f298462-d1b8-4cf7-8c86-9c21aa497857", "value": "60928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753342", "to_ids": true, "type": "vhash", "uuid": "d1af91b5-ba72-4c8b-8ee4-7424f3d1ec39", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753342", "to_ids": true, "type": "filename", "uuid": "2890b8c8-1128-4ef2-8154-5c08666ccac0", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753342", "to_ids": false, "type": "text", "uuid": "6b4171a3-6f4b-4983-b333-074aab875189", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:54/73\nFirst Submission:2014-08-25T08:57:15.000000+00:00\nLast Submission:2025-03-13T08:27:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760032", "uuid": "89dd88e9-501c-4d9e-be56-89b4d947fdf8", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760032", "to_ids": true, "type": "md5", "uuid": "28cb0f1c-9ebd-4ce1-8a43-56898ed8f84b", "value": "7bf6dcf413fe71af2d102934686a816b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758022", "to_ids": true, "type": "sha1", "uuid": "5ce4ce44-7ab0-4efc-8e78-b934eb1cf3e4", "value": "5f449fb62465d4740a6af47565b62124a523b7c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758022", "to_ids": true, "type": "sha256", "uuid": "cde44eb7-8714-4d5e-86f1-1f702362044c", "value": "29dc83d8a6ddc22d999ae9211d1f5d447f03bcc6463ccd21d5d557546b0ddf4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753364", "to_ids": true, "type": "ssdeep", "uuid": "b8493899-9612-4f5e-a2c6-0a9525651869", "value": "768:Le7hmsReFb4OPrNgfXeQBIeo4uyc3Qo3nW/4HtAOkTxjtypp2ODSF9i:KzReV4OjaI94fqQo3nW/sCz5ypxDS/i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753364", "to_ids": false, "type": "size-in-bytes", "uuid": "a1a25236-bca4-48de-a239-5aa9b4001759", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753364", "to_ids": true, "type": "vhash", "uuid": "df936c94-48c5-4493-adf2-0003fd9a5720", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753364", "to_ids": true, "type": "filename", "uuid": "b7e38d45-42e2-4341-a2ba-76f855962511", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753364", "to_ids": false, "type": "text", "uuid": "f00548c6-2dd7-4096-9ec9-0a893f005c2b", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/72\nFirst Submission:2014-08-25T08:17:49.000000+00:00\nLast Submission:2025-03-13T08:07:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760053", "uuid": "54ededbb-502a-4d65-a6bb-98a1637414ed", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760053", "to_ids": true, "type": "md5", "uuid": "6e7b14d2-1e69-404a-831a-d351e800fb25", "value": "cf064356b31f765e87c6109a63bdbf43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758023", "to_ids": true, "type": "sha1", "uuid": "41316eb5-f42c-4c95-bc37-94cd819b4645", "value": "d7331591ced1a4128433c97a76ef34797b95c708", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758023", "to_ids": true, "type": "sha256", "uuid": "e73b3ab4-c120-4404-aa5f-1ed63ae16a63", "value": "7215687316e899d27c50bc0d0fb316804319bd89c87c3174966cf6f85ecdd1ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753386", "to_ids": true, "type": "ssdeep", "uuid": "580a409c-31e6-455b-b462-1b37547595c5", "value": "768:F5P4MNSEyleDX/nmJkTNmWME96w6HF2NuDNVtgJoRDSebPDnTnTG316s1Rc3Mdbr:F5tLDX/muqHX7tfDNnm489Ze3OM/i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753386", "to_ids": false, "type": "size-in-bytes", "uuid": "8d3d22f4-d12b-4cba-92e5-8e1da8790a69", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753386", "to_ids": true, "type": "vhash", "uuid": "1652cfb8-32af-4c73-b489-fe7a8f58c686", "value": "06406e751d1e551519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753386", "to_ids": true, "type": "filename", "uuid": "f7fb0fe2-902f-403c-a1f0-d2c0d13d5c2b", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753386", "to_ids": false, "type": "text", "uuid": "b0016d10-372c-4736-befb-f2a3ba65e559", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:58/73\nFirst Submission:2014-08-22T23:15:38.000000+00:00\nLast Submission:2025-03-13T07:59:01.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760075", "uuid": "9f953fab-88ed-4f85-8c21-ee3faf4c76ff", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760075", "to_ids": true, "type": "md5", "uuid": "7e8dfc94-2e20-44f0-9cbe-c83fa0ad8acb", "value": "4a46e2dc16ceaba768b5ad3cdcb7e097", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758025", "to_ids": true, "type": "sha1", "uuid": "3ff6ee4d-d209-42d2-9621-788ec838fb65", "value": "710635af8dcf502c393098fdd6643af76bf5f5d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758025", "to_ids": true, "type": "sha256", "uuid": "d3e7d978-7a0c-45fb-b023-22f9dda978aa", "value": "974e0ebaa3dfdbc188fe2805aee2c040e9e5ff784f6d1698d9e3ef25ec4af00c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753407", "to_ids": true, "type": "ssdeep", "uuid": "b5fa72ac-825c-4ad4-8184-c89b79f8e465", "value": "3072:SIGK3Sr6AsjXKz0r/zYSEvtCNa+S93fzIaNFdEtTPUS2M3w+SDQH0DCP:SkLWz0r/zY9tCY9VZvdEtjgM3XB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753407", "to_ids": false, "type": "size-in-bytes", "uuid": "0782bb59-0229-4bd5-a4f1-16efcb0023d7", "value": "175104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753407", "to_ids": true, "type": "vhash", "uuid": "a918c54e-1b7d-4380-b8f3-e37bc2dc3f6d", "value": "0150467555151080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753407", "to_ids": true, "type": "filename", "uuid": "74a66307-ab44-432b-a4b8-f3a729d64ec7", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753407", "to_ids": false, "type": "text", "uuid": "b13d3f2b-2d1e-4c1b-a039-0b1641482e11", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:62/73\nFirst Submission:2014-08-25T08:23:34.000000+00:00\nLast Submission:2025-03-13T08:19:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760097", "uuid": "da45a633-b3fe-499a-81c2-efcf97ef7714", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760097", "to_ids": true, "type": "md5", "uuid": "2814c404-cf80-4f39-8597-bdbfeb43c987", "value": "2134721de03a70c13f2b10cfe6018f36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758026", "to_ids": true, "type": "sha1", "uuid": "1e9703fc-1d76-49ca-af48-aa9bae027c7e", "value": "40307e1e0f567c49d487bdac345955c40696e7a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758026", "to_ids": true, "type": "sha256", "uuid": "f211dccf-7745-461b-bd62-5e309c18c27d", "value": "180702cbf6a29307d4bb798b5d21db2902428ca67644670ffcbab28408c1f8a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753430", "to_ids": true, "type": "ssdeep", "uuid": "8fdd789a-74be-457d-bd88-310481e311e4", "value": "3072:pFCDYfpXWads8elt97VJwDdrKAU5jymYSTuLC+hx1BVh76z3HYHHlH0DCv:qDYfpmadje1gBhijpYSTuL7hbPhI3HwF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753430", "to_ids": false, "type": "size-in-bytes", "uuid": "776fe4cd-1bf6-4667-87db-595e2fb73ab6", "value": "173568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753430", "to_ids": true, "type": "vhash", "uuid": "9287eb2a-74f1-4b44-9de3-8250a93fcb84", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753430", "to_ids": true, "type": "filename", "uuid": "7af603ae-4f40-4b14-a6a8-b25d10da7cb1", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753430", "to_ids": false, "type": "text", "uuid": "1384f4ee-e594-44d6-bc48-c82a977ca112", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:61/73\nFirst Submission:2014-08-23T07:32:29.000000+00:00\nLast Submission:2025-03-16T02:17:49.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760118", "uuid": "8426cead-0416-4178-beba-7598d33c20ca", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760118", "to_ids": true, "type": "md5", "uuid": "3fbf5c4c-0a46-46df-9ed2-2409a943a6db", "value": "7add5fd0d84713f609679840460c0464", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758027", "to_ids": true, "type": "sha1", "uuid": "2bd4bcfb-5a83-4566-8018-7ffc6da5aefb", "value": "498a291705fcb28edc4d272ee944f3b8872d4eed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758027", "to_ids": true, "type": "sha256", "uuid": "75c967ca-e8dd-4fc3-8b8d-8a226af111be", "value": "b863e8eba67be19d7e83c8cd9ac4052912a529a996c0b646ba9bfe62eec72e21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753451", "to_ids": true, "type": "ssdeep", "uuid": "84384e56-e8e5-47e2-b2d7-a868ad206a0a", "value": "3072:2US6oyKpnUdt2r+bfa5nmHo9Qmvpc+Idj2sKrBXSZd3FALXDQH0DCP:2N6oltUr5bfGmHo9VlI9AcHFALc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753451", "to_ids": false, "type": "size-in-bytes", "uuid": "9957cc42-eef2-4cbd-8b3b-a4313989af6d", "value": "174592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753451", "to_ids": true, "type": "vhash", "uuid": "456982eb-4ce6-44d9-9470-efaa879832c0", "value": "01503675551080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753451", "to_ids": true, "type": "filename", "uuid": "6104ec30-b9ee-465b-b390-cb7b1f08a3d4", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753451", "to_ids": false, "type": "text", "uuid": "08f17ab6-c5d5-4972-95c4-20a5901b5fdf", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Worm:Win32/Phdet.B\nVT Total Detection:60/72\nFirst Submission:2014-08-23T06:45:48.000000+00:00\nLast Submission:2025-03-13T02:38:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760140", "uuid": "4ac01ed6-fef6-4747-81d9-ecc95e5cc2b2", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760140", "to_ids": true, "type": "md5", "uuid": "5334c87b-e8f1-4a8d-b823-bc3935f51221", "value": "cc9402e5ddc34b5f5302179c48429a56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758029", "to_ids": true, "type": "sha1", "uuid": "e2867634-89be-4910-8377-fc167aa29fd5", "value": "c15f79067b4b81cb658663edff97f4219a68f402", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758029", "to_ids": true, "type": "sha256", "uuid": "6dd84981-84a6-4538-9a7c-64b4b36d6830", "value": "38188cc6cfe0910255503cc3e64bd4497048436722208a052b7ed4ea01f79fb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753473", "to_ids": true, "type": "ssdeep", "uuid": "3aa30280-80d1-4d2b-9a48-20f0b036bc7b", "value": "1536:bqI3r04uacxpJ6czEh/B78vGV7mUMWNW/i:bql4JIJX6/qGk7WEi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753473", "to_ids": false, "type": "size-in-bytes", "uuid": "a171007d-e7a7-4f74-88fe-b438def9cf87", "value": "61952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753473", "to_ids": true, "type": "vhash", "uuid": "ba3821e4-ca06-4c64-9163-4a17ff87dc08", "value": "06406e751d1e551519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753473", "to_ids": true, "type": "filename", "uuid": "78b90088-14aa-4d24-ba19-7b5d4c9cd17d", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 31/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753473", "to_ids": false, "type": "text", "uuid": "f999cd74-f75b-45d8-be84-8fe0c0b62376", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:59/73\nFirst Submission:2014-08-26T00:36:35.000000+00:00\nLast Submission:2025-03-13T08:26:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760161", "uuid": "6cedcc77-4345-4d23-b596-22360dcff149", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760161", "to_ids": true, "type": "md5", "uuid": "0a32fe4d-a90c-4406-9335-92a9d1da37af", "value": "9803e49d9e1c121346d5b22f3945bda8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758030", "to_ids": true, "type": "sha1", "uuid": "1bb141c8-314a-4904-82a3-6cfa5afd3d70", "value": "a40a7d1625d7a4fe0248c5ed49338977d5923210", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758030", "to_ids": true, "type": "sha256", "uuid": "8cc9fcb8-0ccc-4cf0-841e-8fa5a0f40875", "value": "9c13f4bb69af2cedbdc0e26dba1f935cbc070f2d0eac1590ec02aa06c65f1bf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753495", "to_ids": true, "type": "ssdeep", "uuid": "24829e3d-ce90-4ad1-b7b1-ba282706c3bc", "value": "3072:iINYprPQBZujlSF8n51n+OvMIQM/26NGXIerGqYDs+R7g6UDQH0DCP:vYNQfvFK10IL/26i6qYD9v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753495", "to_ids": false, "type": "size-in-bytes", "uuid": "89846330-8c5d-4501-8d78-e6ce014fad5b", "value": "175104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753495", "to_ids": true, "type": "vhash", "uuid": "c48f78f4-6252-4211-9e58-96ef53e1679c", "value": "0150467555151080105001c00837z3065z52z8003dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753495", "to_ids": true, "type": "filename", "uuid": "3b78a6bc-942f-4e9f-a977-a5747a0b05b3", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753495", "to_ids": false, "type": "text", "uuid": "288964cf-8e01-40fa-8ffd-05ef9ee939a3", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer\nVT Total Detection:56/72\nFirst Submission:2014-08-24T00:02:27.000000+00:00\nLast Submission:2025-03-13T08:03:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760183", "uuid": "66faad90-1a47-4993-82b7-19f99edee66f", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760183", "to_ids": true, "type": "md5", "uuid": "bee7b83e-307f-47f6-a0fb-f3dc8e2b3875", "value": "c5f5837bdf486e5cc2621cc985e65019", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758032", "to_ids": true, "type": "sha1", "uuid": "d6764d49-e53a-4e2e-a18a-9dff0abe2de6", "value": "22665e332b2d56efa2eb350bbf6508a4d6a2e4f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758032", "to_ids": true, "type": "sha256", "uuid": "65f651ea-e5d3-44fd-a201-6d399de2f28e", "value": "1d7cf01a5a029387ed0bfc5ce3e581c786411aacb714ca67b695d2da092c250d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753518", "to_ids": true, "type": "ssdeep", "uuid": "1d35f89b-ee43-481e-9a79-d2149c19dd2d", "value": "3072:Mh1mglniD4BiuMYw3v8RHCX4YxG9TUM9iPyHHErRkjJE:MWyrBR03v8RHldUIAyHHy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753518", "to_ids": false, "type": "size-in-bytes", "uuid": "4a804823-e95c-45d6-bc55-c80bcbba7b65", "value": "117248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753518", "to_ids": true, "type": "vhash", "uuid": "2de2c301-768e-45ac-af0a-b177ae255794", "value": "01503675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753518", "to_ids": true, "type": "filename", "uuid": "6aa8e081-4bbe-4b14-b9fc-ce0f507d7ead", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753518", "to_ids": false, "type": "text", "uuid": "4ccdee42-727a-4c6b-8880-217126d7b96f", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Comisproc\nVT Total Detection:63/73\nFirst Submission:2013-12-19T12:10:30.000000+00:00\nLast Submission:2025-03-13T08:18:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760204", "uuid": "04f06805-abcc-4414-9eb6-880e96caf8ea", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760204", "to_ids": true, "type": "md5", "uuid": "c9cf0233-33bc-4961-977f-b4a4c728cd60", "value": "2b72fda4b499903253281ebbca961775", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758033", "to_ids": true, "type": "sha1", "uuid": "b73977b6-b7ce-4593-9d93-f615d336e42e", "value": "4089cc75953508999c4b3b1ec6a249a1d09eb1ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758033", "to_ids": true, "type": "sha256", "uuid": "d6be2449-bb44-4055-9224-b18bf7d24a2f", "value": "fa6a4744c5379f18d68bc56de5c7dae5872b3469ef40154bd882e7ae15431bef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753539", "to_ids": true, "type": "ssdeep", "uuid": "12763407-70c5-4680-9f21-a16b123f8a79", "value": "1536:S0rAHUyR2EcpwxZ0eXExc3TOg2A3nZKv41eKbSA9EjHErRkjn8gE:t/yFqws+ac3l2YYvfjErRkjJE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753539", "to_ids": false, "type": "size-in-bytes", "uuid": "7272390b-50b6-400c-9a4f-d81f812415d4", "value": "116736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753539", "to_ids": true, "type": "vhash", "uuid": "ad352da7-1a47-4a8b-9386-c08bd91c0c88", "value": "01503675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753539", "to_ids": true, "type": "filename", "uuid": "efe0111a-12e0-46d0-b51e-ba80472c65df", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 17/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753539", "to_ids": false, "type": "text", "uuid": "b2ee057f-ba6d-4641-aca3-977ad0b74914", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Phdet.G\nVT Total Detection:60/73\nFirst Submission:2014-02-27T10:35:34.000000+00:00\nLast Submission:2025-03-17T01:28:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760226", "uuid": "9bdf8d77-f2c0-43e1-9036-ec1a7175a8aa", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760226", "to_ids": true, "type": "md5", "uuid": "89766ad2-30ca-4503-9d3b-6926820cb6b6", "value": "7031f6097df04f003457c9c7ecbcda1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758034", "to_ids": true, "type": "sha1", "uuid": "7564d268-505d-4ea8-877d-ca82a809d79b", "value": "4e6daca65ccf0fa79f0d1bd084aaba5dbba14d31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758034", "to_ids": true, "type": "sha256", "uuid": "324dc3bf-cac5-4049-bbb0-2423344617d7", "value": "ef64b094a2df199f1887c2065cc937ca47c07985290e710a8b2a7cd6c42bdc9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753561", "to_ids": true, "type": "ssdeep", "uuid": "a3297603-12c3-4043-9e8c-40751a28c324", "value": "3072:Dqvvw0Zo2GA/pNq4+EEWt6aQf0Ys4zgU2sErRkjJE:OfZr/rq6Ei6Zf24zgsy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753561", "to_ids": false, "type": "size-in-bytes", "uuid": "2422feb1-4d2e-49e2-b906-37c0df8dad89", "value": "114688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753561", "to_ids": true, "type": "vhash", "uuid": "adb0b4c0-c599-4af1-bb40-f9c746bea294", "value": "01503675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753561", "to_ids": true, "type": "filename", "uuid": "c517b25e-20cc-4d6f-95e1-132c7b79fb96", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753561", "to_ids": false, "type": "text", "uuid": "09f363bd-450a-424c-8c2e-6cdff9964004", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:62/73\nFirst Submission:2014-08-24T10:05:57.000000+00:00\nLast Submission:2025-03-13T07:46:46.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760248", "uuid": "d294c5a9-29a8-4747-a0f9-370f26d7fb54", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760248", "to_ids": true, "type": "md5", "uuid": "97caa820-934b-4e8f-9064-9b4aa307d69c", "value": "6a6c2691fef091c1fc2e1c25d7c3c44c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758035", "to_ids": true, "type": "sha1", "uuid": "4f0a7715-c58e-43be-a9fe-13d0328f923f", "value": "2fb684147860f96d9e32100e1459201a4f349711", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758036", "to_ids": true, "type": "sha256", "uuid": "f09e2d4b-b87a-4f08-8a12-7ee37389a428", "value": "3bb24699c13e4b39486105868016ed87b4b1d7dc80ac00a989dbb17f5c4d062d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753583", "to_ids": true, "type": "ssdeep", "uuid": "9cffb11e-fb1e-48a6-a330-786ac0bcc9ef", "value": "1536:DQcSsxT7cIVIreOubs6avRhuH89qbDQVYipM/i:Dj5t7BIreAlPuv3QV7Yi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753583", "to_ids": false, "type": "size-in-bytes", "uuid": "421a61b2-2b13-4bc6-b928-96b9e9d0a04b", "value": "61440" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753583", "to_ids": true, "type": "vhash", "uuid": "ff8fdf48-afbc-4a5b-a3b3-61716400eeb4", "value": "06405e751d1e5519z96z78xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753583", "to_ids": true, "type": "filename", "uuid": "6ff41f7b-7ec9-4469-887d-dea706031bc6", "value": "usbmdm.sys" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 18/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753583", "to_ids": false, "type": "text", "uuid": "998e56dd-1830-464b-843b-26b4d9198e25", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/Obfuscator.QV\nVT Total Detection:56/73\nFirst Submission:2014-08-26T17:46:47.000000+00:00\nLast Submission:2025-03-18T02:12:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760269", "uuid": "8c60f962-9760-4e6b-91f4-501be2cc7003", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760269", "to_ids": true, "type": "md5", "uuid": "508ec322-7c14-469a-a3bc-e35304cda068", "value": "9bd3fa59f30df5d54a2df385eba710a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758037", "to_ids": true, "type": "sha1", "uuid": "e16a5eba-3023-46fd-be5e-77a24fcc4f0b", "value": "75190aba9552e59f62ae74300aadaa98c2ffeb85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758037", "to_ids": true, "type": "sha256", "uuid": "f2d5db78-6f61-4a12-8497-6646286d45a2", "value": "020ca3286a29cf1d373c352497e19dfc750a6fc92bd26cab5c912d5edbd25288", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753604", "to_ids": true, "type": "ssdeep", "uuid": "92fcddd3-101c-4610-bf53-0bfe041fc25d", "value": "1536:jEf7SWRfz/WTxF7V2I10uBC+9U1bSSErRkjy8gE:jw7jfTAFxvGuzU1bSSErRkjGE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753604", "to_ids": false, "type": "size-in-bytes", "uuid": "acc176a3-7669-49e4-a9fb-b9b080e0f782", "value": "79872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753604", "to_ids": true, "type": "vhash", "uuid": "4389e929-8f76-47d3-9021-da86a5221471", "value": "07403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753604", "to_ids": true, "type": "filename", "uuid": "8ac486f8-d77c-43c0-9b5d-238e85fb7f9a", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753604", "to_ids": false, "type": "text", "uuid": "5d19a1e1-7b8a-41b5-afd0-e6e0790a2b02", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:62/73\nFirst Submission:2014-09-18T11:01:50.000000+00:00\nLast Submission:2025-03-13T08:24:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760290", "uuid": "88f7f36d-46a8-4633-8b9e-11aba97b791b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760290", "to_ids": true, "type": "md5", "uuid": "3f7c86a0-126e-47f3-9711-606b0d5a8ec7", "value": "5100eb13cac2fc3dec2d00c5d1d3921c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758038", "to_ids": true, "type": "sha1", "uuid": "6e3598ce-e10e-4967-aad2-b91674a48ba2", "value": "86f4210d936175c0142b5cf07f58c3ea89b951c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758038", "to_ids": true, "type": "sha256", "uuid": "7f0e9e94-8e99-484f-a20a-23dc0ddb051f", "value": "dace64fc26e1f49ce6ce08ec3f6688417f7cd70200e15a40f0df061b3ff2709b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753626", "to_ids": true, "type": "ssdeep", "uuid": "f240cf48-801e-41e4-97e7-1d13ebd72629", "value": "1536:O9SGcs1rz8qCNuHGi32WK0H+7ErRkjy8gE:OUsaqCqGy2BY+7ErRkjGE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753626", "to_ids": false, "type": "size-in-bytes", "uuid": "e28431e7-389c-4cb6-8269-dcb0e07e3ca0", "value": "79872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753626", "to_ids": true, "type": "vhash", "uuid": "63d3de64-1abe-453a-9ce1-10aaa8483173", "value": "07403675555040104001e00787z3065z42z7803dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753626", "to_ids": true, "type": "filename", "uuid": "a1897e63-2433-47ef-b201-cf0c8974f3e5", "value": "host.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 18/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753626", "to_ids": false, "type": "text", "uuid": "a5ea3912-af1e-4d36-b137-10bb32ca241e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet\nVT Total Detection:63/73\nFirst Submission:2014-09-02T09:32:03.000000+00:00\nLast Submission:2025-03-18T02:11:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760312", "uuid": "83647717-4780-46de-8714-3298709e8c14", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760312", "to_ids": true, "type": "md5", "uuid": "73796456-6336-4f74-9d77-8b2ebcfff64f", "value": "0a2c2f5cf97c65f6473bdfc90113d81e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758039", "to_ids": true, "type": "sha1", "uuid": "106e3896-87f8-4124-aeb1-bf31131efee4", "value": "2408951b4295be8c57e5aae92b1481fe57263e70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758039", "to_ids": true, "type": "sha256", "uuid": "9b45eb4a-08d8-4440-b843-d33be2ae76fa", "value": "b5ea5c1a1841667a4e8ea48f11aa7265914c35d07a02b78b3059d293309d8f45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753648", "to_ids": true, "type": "ssdeep", "uuid": "27c76d1b-2898-47e9-93bc-2a5651d4103d", "value": "1536:nwL2lbO0xogrnUjvzuFluNYp0EMG/91RpAE5s/VpXh:Y29OSo8UuaqMGfRdmx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753648", "to_ids": false, "type": "size-in-bytes", "uuid": "415a33a6-8515-47ed-b677-7f7e58df1c2f", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753648", "to_ids": true, "type": "vhash", "uuid": "9eda35ed-104f-4c8c-a58b-fc411728802e", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753648", "to_ids": true, "type": "filename", "uuid": "769a50c2-3b1f-4ef4-a3be-2681d5cb8388", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753648", "to_ids": false, "type": "text", "uuid": "dedf7388-e4f5-4b55-a89f-81189adff157", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:55/73\nFirst Submission:2014-06-04T11:16:45.000000+00:00\nLast Submission:2025-03-13T07:47:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760333", "uuid": "46e1186c-25ca-470f-975b-ad434be1d281", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760333", "to_ids": true, "type": "md5", "uuid": "5324d3ad-e74f-4dd1-9504-5588572e4006", "value": "30b74abc22a5b75d356e3a57e2c84180", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758040", "to_ids": true, "type": "sha1", "uuid": "acb0b659-62dd-4483-afef-d1a8848c3de4", "value": "223529e6ab54025d4174578a28c5fe17d6d1db35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758040", "to_ids": true, "type": "sha256", "uuid": "e69c642f-ed2a-4d8c-8e93-c172613d2d14", "value": "999fd9f219211ca1caa53528b4c51726c8e73f67cc89ee45d53694f656f72d33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753670", "to_ids": true, "type": "ssdeep", "uuid": "d7ad38a3-40c0-4aa8-b8b2-4a0456cdb4bf", "value": "1536:H5K1YRKmmJQTzPUTCGOgG6I8A7kFLps/VpxE:H5kyXmJQTzcmdgI8A22a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753670", "to_ids": false, "type": "size-in-bytes", "uuid": "3c134e18-e174-4e07-89e9-ec96fc2d7f3d", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753670", "to_ids": true, "type": "vhash", "uuid": "b000fc84-979e-4595-a242-62acdde8006f", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753670", "to_ids": true, "type": "filename", "uuid": "1219bc93-b2a8-45c4-add0-cf0ff82b950e", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753670", "to_ids": false, "type": "text", "uuid": "4c26a205-353b-4ee1-be71-785bd393a8c8", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/Rootkit!MSR\nVT Total Detection:57/73\nFirst Submission:2014-06-03T20:52:19.000000+00:00\nLast Submission:2025-03-14T00:39:38.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760354", "uuid": "e0883109-ef75-41e1-8334-741e2afa9d8a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760354", "to_ids": true, "type": "md5", "uuid": "76c3b919-7e99-4cef-8de5-f9a870cccc00", "value": "a0424e8436cbc44107119f62c8e7491b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758041", "to_ids": true, "type": "sha1", "uuid": "52f25836-9ddf-4ca5-8eb9-fa4de6290574", "value": "4533aa4ae52af25754482f1829e2b2757481c6e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758042", "to_ids": true, "type": "sha256", "uuid": "7203be81-cf45-400b-bdfa-c3098f4d0936", "value": "7c6793fbae5b05dc54c2ffd3e80658b809eeb43f4ea67d1385c494d10a767664", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753692", "to_ids": true, "type": "ssdeep", "uuid": "b047091b-ba01-41f8-9259-6b84a9af4034", "value": "1536:W/ENV7/xs6giGCMnjSMVVkYKniDxu3/zLMQyX6fs/VpIr:W/0VMznjSOVrDxTRa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753692", "to_ids": false, "type": "size-in-bytes", "uuid": "c826de30-7c37-47b6-bf56-96a873ef3a8e", "value": "68528" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753692", "to_ids": true, "type": "vhash", "uuid": "60acee2e-d829-4396-af5e-c29e9dae7d2a", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753692", "to_ids": true, "type": "filename", "uuid": "8e1cd0d2-d599-4d36-8659-94cc5c610495", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 30/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753692", "to_ids": false, "type": "text", "uuid": "ad4d2e77-1e6b-42a7-a3fc-0af5ef6f3a38", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:52/72\nFirst Submission:2016-11-28T21:25:22.000000+00:00\nLast Submission:2022-08-14T12:53:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760375", "uuid": "919a61f6-73c3-4849-9fe6-57efa2babefd", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760375", "to_ids": true, "type": "md5", "uuid": "7f31d736-9039-467c-a66c-f1b65c0d2495", "value": "e70976785efcfaeed20aefab5c2eda60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758042", "to_ids": true, "type": "sha1", "uuid": "11568acd-e86a-44fd-bfe6-81d875f098f8", "value": "3bdbf866cada5f7dd577f8093f9292074b78a808", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758042", "to_ids": true, "type": "sha256", "uuid": "135d400f-bc3d-4c9a-bfbe-e4ad2ca2ad58", "value": "afe8e3d0ac03470d89449ec504fa23480b9d2c2d3dd4b9b6140585b9878191ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753735", "to_ids": true, "type": "ssdeep", "uuid": "a7e47641-ca7c-47a2-970c-86ba6f902d42", "value": "1536:8084yXEVAnmyfmn+h6nVgA+EYK5lZq6GFKs/Vp1h:/8KU5uOEN5OH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753735", "to_ids": false, "type": "size-in-bytes", "uuid": "575bcbec-61b3-4cdd-bdb9-877276d7e11b", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753735", "to_ids": true, "type": "vhash", "uuid": "2fe77568-442c-4862-a07c-0035b553f2d1", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753735", "to_ids": true, "type": "filename", "uuid": "5db38585-3baf-4d8b-a545-0226e8b2b70e", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 02/09/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753735", "to_ids": false, "type": "text", "uuid": "746b6881-0514-4e29-bf7c-15e1aa1ecef1", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:50/72\nFirst Submission:2025-09-01T10:21:54.000000+00:00\nLast Submission:2025-09-01T10:21:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760397", "uuid": "03c10d81-7ca6-4a47-ae67-6d6d66494cdc", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760397", "to_ids": true, "type": "md5", "uuid": "7c697389-5d03-4156-b3d6-3fb10964b305", "value": "397b5d66bac2eb5e950d2a4f9a5e5f2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758044", "to_ids": true, "type": "sha1", "uuid": "c8dc188d-d3ed-4218-83fe-08123a4b6740", "value": "7a2663b9078d140cec3f0a6b2b8607a1c346825e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758044", "to_ids": true, "type": "sha256", "uuid": "8c801482-231e-4614-97b9-ab509171efdd", "value": "43ce710a83c99fb4c0bac2ea93727a9d5dda6e82e30b5fe861f9e3e0acddaa1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753756", "to_ids": true, "type": "ssdeep", "uuid": "0dfb4565-a24a-4fa8-b4fd-50b77d208b2a", "value": "1536:4BGmlQk0H9rOtSbXxuKs/0LknI03lBs/VptNC:4T2karOQbAR/kMVVePC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753756", "to_ids": false, "type": "size-in-bytes", "uuid": "1b85e1a3-c2b7-4a20-8e81-171c49eabc8b", "value": "68016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753756", "to_ids": true, "type": "vhash", "uuid": "31b6b6d9-80d9-4a0a-8d4f-ea8d2d4cb937", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753756", "to_ids": true, "type": "filename", "uuid": "c92913cb-944a-4414-9f1b-6cf4f4e14f77", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753756", "to_ids": false, "type": "text", "uuid": "ab4be65f-ab29-4fdd-a49d-ae25e4c94882", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:58/73\nFirst Submission:2014-08-17T07:49:02.000000+00:00\nLast Submission:2025-03-13T07:51:51.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760419", "uuid": "1520a313-e24f-4425-a3e9-ca7e01decb34", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760419", "to_ids": true, "type": "md5", "uuid": "d313c011-7da4-4f4e-a573-ee9cb0c978a8", "value": "4e9bde9b6abf7992f92598be4b6d1781", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758045", "to_ids": true, "type": "sha1", "uuid": "4b21fffa-76d4-4efb-9884-1604f92c1e4d", "value": "dd0848bf34a2348705434233ad8b260bf3c850cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758045", "to_ids": true, "type": "sha256", "uuid": "25352e7b-ec0f-424d-bd90-0aa9bb100440", "value": "8e91a6048e59763ae92f41879216f0d37f20205489c0d76d619ebb9334cafd66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753778", "to_ids": true, "type": "ssdeep", "uuid": "1288daf6-a2ed-4059-99a6-2c446762920f", "value": "1536:mcmWMRKBgdvmeIjxvBgb0W0LhH73p7ss/VpWnO:PcRKBgyFm4WGpdD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753778", "to_ids": false, "type": "size-in-bytes", "uuid": "5368c85f-56ba-4cb2-96cc-f1bb68fdc26a", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753778", "to_ids": true, "type": "vhash", "uuid": "50d5b856-03c8-48d3-9c3d-2b4ca1b4cda0", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753778", "to_ids": true, "type": "filename", "uuid": "f716c8cd-e24a-4296-8de3-6b4e83e7d7cd", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753778", "to_ids": false, "type": "text", "uuid": "60147ea2-a7d8-455e-ba6c-9c7720bda41e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!ac\nVT Total Detection:57/73\nFirst Submission:2014-08-17T08:03:02.000000+00:00\nLast Submission:2025-03-13T08:28:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760441", "uuid": "d0686304-8b61-454d-8909-df978593b55d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760441", "to_ids": true, "type": "md5", "uuid": "0dc6a3d3-e2a6-4dad-813b-122dae82afee", "value": "54d266dee2139dd82b826a9988f35426", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758047", "to_ids": true, "type": "sha1", "uuid": "8eda7456-77e4-473c-b925-237149f4c779", "value": "1258f78bad50b790eda0af1b1a81f2b75a3715d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758047", "to_ids": true, "type": "sha256", "uuid": "aba68fd1-f243-470b-a6a7-650548d1fe7e", "value": "40804a95178b91eb67cc35d1386a6b059e621bc5c93d3afd85ba6026ea5f9b11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753800", "to_ids": true, "type": "ssdeep", "uuid": "e3672f53-eeef-43b1-baba-8c78d8766a53", "value": "6144:XgcpGNkXfhTreoH2OMQz2A1P/lKXnrJcGKq4KODottj0wFMN:XjEkPhu82OJ2+sncq4KODYpFC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753800", "to_ids": false, "type": "size-in-bytes", "uuid": "9da12079-536a-4d98-bf8c-24c394def939", "value": "263600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753800", "to_ids": true, "type": "vhash", "uuid": "0ee26013-bcc0-4807-9f1d-81cd0689ca0e", "value": "02505e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753800", "to_ids": true, "type": "filename", "uuid": "a0864066-be39-4362-9489-c96bdbc48f31", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753800", "to_ids": false, "type": "text", "uuid": "27a86404-7549-45e3-b8a6-7a0a55fe42c9", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/73\nFirst Submission:2014-08-17T07:42:45.000000+00:00\nLast Submission:2025-03-15T01:15:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760463", "uuid": "a73368ce-6475-4164-9a22-eabd3b12a619", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760463", "to_ids": true, "type": "md5", "uuid": "c330a2b0-7368-4388-97ed-749dd8781326", "value": "5b4faa2846e91e811829a594fecfe493", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758048", "to_ids": true, "type": "sha1", "uuid": "8e47878b-b8be-45a1-9e00-fd050b13c235", "value": "0babd9dd37e14d7e78edf310d98b1f953af4679c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758048", "to_ids": true, "type": "sha256", "uuid": "5aecfae4-e702-4bf8-ac22-0d4908d03919", "value": "5015229a570efb1ceb2f1c3ec1369abd80cf4c3f7501a8e5c0afaa88d4941399", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753823", "to_ids": true, "type": "ssdeep", "uuid": "41487643-36be-4a77-b0d1-dc5d64ea590b", "value": "1536:dPJ5NmjfTDrUg9QhkmCLFL3JWn9T0lUoXZs/VpI+J:/5N8ogzmE530n9TtRJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753823", "to_ids": false, "type": "size-in-bytes", "uuid": "d20aaddf-cee5-4f89-9d04-6dd9cf819306", "value": "66992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753823", "to_ids": true, "type": "vhash", "uuid": "b73c2f6a-a178-428a-9586-4328f4aa1da5", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753823", "to_ids": true, "type": "filename", "uuid": "9110db97-dc96-4226-9b8d-be3b5356ab71", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753823", "to_ids": false, "type": "text", "uuid": "f0f11793-7f0b-4cbe-bf56-57535e5ac082", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:59/73\nFirst Submission:2014-08-17T08:29:50.000000+00:00\nLast Submission:2025-03-13T08:00:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760485", "uuid": "4d405c09-56af-4342-a65f-1f25fbddf257", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760485", "to_ids": true, "type": "md5", "uuid": "e2a42070-ae37-481d-b665-979aa7cc2eb6", "value": "ccad214045af69d06768499a0bd3d556", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758050", "to_ids": true, "type": "sha1", "uuid": "eb14e007-9f8d-4d94-9948-05ec1c2d8ff7", "value": "ef2c41f84164559df115c7f5199713a47737493b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758050", "to_ids": true, "type": "sha256", "uuid": "9bf30931-3025-42a2-a15e-2306e1a3e044", "value": "81125a5eb555dc898a5af966cf5ac8380e6c8e64a1c7f7981e8db8c9dbb37394", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753865", "to_ids": true, "type": "ssdeep", "uuid": "b7bd72ed-a453-4447-86e5-e021f200e381", "value": "1536:mguxQWG8GRmxF7n0SXOdXZ75LWgZi2ivumuosWQ7s/Vpd4:mvJGeX7nlE7Mh9uncy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753865", "to_ids": false, "type": "size-in-bytes", "uuid": "a94f8095-5f61-45f5-aed5-8ac9d09359ca", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753865", "to_ids": true, "type": "vhash", "uuid": "426dddbd-4ba5-4eeb-bdc0-2d6f44a7a7e5", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753865", "to_ids": true, "type": "filename", "uuid": "03a3be5e-480b-4aa8-a1f9-e3d4f482853f", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753865", "to_ids": false, "type": "text", "uuid": "6e4aeed9-bfd2-4427-b526-962f3514e6ac", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Phasyrr!rfn\nVT Total Detection:57/73\nFirst Submission:2014-06-28T09:13:26.000000+00:00\nLast Submission:2025-03-13T08:29:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760506", "uuid": "2f92b663-6127-43a6-8294-8a1ee5b4ea2e", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760506", "to_ids": true, "type": "md5", "uuid": "b1b5afa3-67c6-4625-94eb-a2974d8a5036", "value": "715e9e60be5a9b32075189cb04a0247e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758051", "to_ids": true, "type": "sha1", "uuid": "5c64c2bf-6902-4212-a2ff-7a00ef82ab46", "value": "8743c8994cc1e8219697394b5cb494efa7dad796", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758051", "to_ids": true, "type": "sha256", "uuid": "881e8b4e-8fdb-4e22-89f4-0374396301e2", "value": "2aade7381aa87f55b7d7a5284d22be5472fd8cd966d216fd4445ca3a8bbb3ff3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753908", "to_ids": true, "type": "ssdeep", "uuid": "d7dbd7b1-1e30-45ba-ba71-33b20086d7bf", "value": "1536:5OKtb09UWCE/zDtIWUZrXtDKUyoqnCQ6yOs/VpyQ:oKtbqxCE/SBBXOrp6y3yQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753908", "to_ids": false, "type": "size-in-bytes", "uuid": "c2bc97cc-ff94-4858-9b4d-b7abf71207a9", "value": "66480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753908", "to_ids": true, "type": "vhash", "uuid": "fea66528-c2f8-4f00-b8d3-e268891c133d", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753908", "to_ids": true, "type": "filename", "uuid": "f643a359-0e49-45a0-8b55-70e0fe276b5c", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 01/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753908", "to_ids": false, "type": "text", "uuid": "76d47f5c-5d8d-4621-8171-4e8fa1b8cc71", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Virus:Win64/Phdet.A\nVT Total Detection:54/72\nFirst Submission:2014-02-18T18:13:03.000000+00:00\nLast Submission:2025-03-13T08:14:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760528", "uuid": "374a62c8-8e2b-4235-8633-de11e6dc7fe4", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760528", "to_ids": true, "type": "md5", "uuid": "972eaa2d-9d49-4311-891f-d69f3bc2eb15", "value": "3835c8168d66104eed16c2cd99952045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758052", "to_ids": true, "type": "sha1", "uuid": "8fd7bc7c-2de4-4d41-be39-c36b4342bfa3", "value": "4072fe4b1ec1d33b2408c7d16460360a5c8c50f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758052", "to_ids": true, "type": "sha256", "uuid": "c6087043-d934-43f8-9065-75bc2ca6f705", "value": "fc177640e9f1983ea3b57d1e60d7f68622abe7e79a7660f4934a24e9d5e486d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753930", "to_ids": true, "type": "ssdeep", "uuid": "a153babf-828b-4be4-a550-8ff5fc3715a9", "value": "1536:dYLT2+GUtckplMVDyo01HqijQ75iUwLrGLYs/VpV:daK+GxDyNKX7nV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753930", "to_ids": false, "type": "size-in-bytes", "uuid": "f051c87e-8432-42bf-838f-6b3999587ec8", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753930", "to_ids": true, "type": "vhash", "uuid": "8b362963-094e-46c7-a0c5-18e7fb4a9a53", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753930", "to_ids": true, "type": "filename", "uuid": "b307a334-cfd6-4cc6-b782-78640fe2bac1", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753930", "to_ids": false, "type": "text", "uuid": "6fd4550c-c575-47a1-84ec-9730e7e5fc4e", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:57/73\nFirst Submission:2014-07-03T06:20:34.000000+00:00\nLast Submission:2025-03-13T07:51:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760549", "uuid": "4b74bb7c-3b10-4ba4-98d9-97da4e2e849a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760549", "to_ids": true, "type": "md5", "uuid": "9bb12c3f-36d0-4aac-94c1-49fabff0cedc", "value": "f32c29a620d72ec0a435982d7a69f683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758054", "to_ids": true, "type": "sha1", "uuid": "3ede8efa-5695-4c84-8b6e-6e257fc00b48", "value": "c81c8a73cc6268790bc2f542cf2f10083f68696a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758054", "to_ids": true, "type": "sha256", "uuid": "bb378767-99bc-44a9-8bef-fe5a7b98dd2c", "value": "66d3ac034ad6d1096e781fb65c6bec652b670d4a445436c4ce82b383d413483c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753952", "to_ids": true, "type": "ssdeep", "uuid": "af1fb811-5457-4d82-9516-723b0506515c", "value": "1536:8/Moriuzwgw8l5NCWBi3EFOtZXY5QgJmHcz0fzs/VpFp:SPr1zwi9CWLOtZXYEClL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753952", "to_ids": false, "type": "size-in-bytes", "uuid": "04b5edcb-94e2-46d0-8feb-825594b2b987", "value": "67504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753952", "to_ids": true, "type": "vhash", "uuid": "9a21feaf-2415-4213-9282-ef959c7764ae", "value": "06405e751d1e5519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753952", "to_ids": true, "type": "filename", "uuid": "6593d772-5e7f-466a-bea9-d17828d74111", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 08/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753952", "to_ids": false, "type": "text", "uuid": "f822a7d2-0621-4684-9fec-caaae42e564f", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:51/72\nFirst Submission:2022-07-26T17:10:36.000000+00:00\nLast Submission:2022-07-26T17:10:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760571", "uuid": "7d91e9c3-80c8-4d43-a711-0a52d5db211d", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760571", "to_ids": true, "type": "md5", "uuid": "68956921-2cf6-42f8-92ad-7f587be9d45a", "value": "95e9162456d933fff9560bee3c270c4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758055", "to_ids": true, "type": "sha1", "uuid": "3b9269f3-93ed-4f26-9898-b7905b98df3d", "value": "1d3973988ce9634b34fd0e8e067a291643689785", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758055", "to_ids": true, "type": "sha256", "uuid": "c1a433a9-36cf-4b81-97a3-b8e2b53b810d", "value": "6e4ea64d587a94aa4e66e6645894e36f43439d273d2744c3145dc0ca2450b343", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753974", "to_ids": true, "type": "ssdeep", "uuid": "ecb958fe-852e-4210-8666-e52cc5c12f10", "value": "768:q58m3fV1XtgqJuDOQSjY98cRreYGd1uO2mFVsqlz2yHsGSJ+FO5EaZa1eW+qbmIx:9m3zNJ2yjYGH0AMGs3MVtmIGs/Vp5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753974", "to_ids": false, "type": "size-in-bytes", "uuid": "06e43c8c-e0c0-4ab3-9ba2-a3c5651c833c", "value": "68016" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753974", "to_ids": true, "type": "vhash", "uuid": "e4aea971-9ab3-4697-9587-0fccdd030ffb", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753974", "to_ids": true, "type": "filename", "uuid": "be06a361-a75a-4e58-a076-28ef82855cba", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 09/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753974", "to_ids": false, "type": "text", "uuid": "44b16656-092c-4bd6-bfb2-970b61d88dff", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:54/72\nFirst Submission:2022-07-25T19:11:29.000000+00:00\nLast Submission:2022-07-25T19:11:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760592", "uuid": "b6cc5218-9446-48fc-828a-bc44cd2e3af9", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760592", "to_ids": true, "type": "md5", "uuid": "e08b254c-1459-446a-a675-f74c0f0b7999", "value": "da01ef50673f419cf06b106546d06b50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758056", "to_ids": true, "type": "sha1", "uuid": "5773bf91-ecbd-44fd-8d3e-f52bf27df9c8", "value": "388552844b89e06716df01743e4aadb941d117d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758056", "to_ids": true, "type": "sha256", "uuid": "439505fb-182b-49f2-b67b-26635c5d1d8f", "value": "67027727c60e61bbc91d8a1926523c74ac2231b89a803d1fcbf20c5d1a86be4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771753995", "to_ids": true, "type": "ssdeep", "uuid": "1e15bb29-d7d1-48b6-9b3c-f4fbc1761409", "value": "1536:xYA0IXC0vobmZEjvaAURDTirOjss/VpbGR:xYTsfo4EbgKyI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771753995", "to_ids": false, "type": "size-in-bytes", "uuid": "a6bce9c8-4455-49cb-9de9-8b26fa59a1a0", "value": "67472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771753995", "to_ids": true, "type": "vhash", "uuid": "337fbffe-94b6-4cc5-84a3-96b265383a3a", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771753995", "to_ids": true, "type": "filename", "uuid": "5ccb561c-5061-455d-a2b6-2373edc0495c", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 03/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771753995", "to_ids": false, "type": "text", "uuid": "30b8d7db-b679-4995-8f99-8607a0a79d53", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze\nVT Total Detection:57/72\nFirst Submission:2014-09-18T02:37:39.000000+00:00\nLast Submission:2025-03-13T07:48:55.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760614", "uuid": "66c4e23b-f759-4627-bbe1-61493298451a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760614", "to_ids": true, "type": "md5", "uuid": "290e4a20-9f0a-4254-843c-c796c812d771", "value": "2dd4c551eacce0aaffedf4e00e0d03de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758058", "to_ids": true, "type": "sha1", "uuid": "71773c0f-3171-4b61-a1d4-593ff42295a6", "value": "fbd4dab22bec54f52c14d220e9e299f9f1ff4e0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758058", "to_ids": true, "type": "sha256", "uuid": "39ae9f38-7bb9-4991-93c9-d26dad4cd5d8", "value": "39cb79df5eb367f67f83855304ad0b3afed4dad022d264a34a4f77911c03aa63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754017", "to_ids": true, "type": "ssdeep", "uuid": "5c267703-df3c-4e02-ac02-94e9b1e46813", "value": "1536:ft72lFvMbUPqw2nn20y+B4OmWAIIitahms/Vpasl:V72eUo20yPQcRV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754017", "to_ids": false, "type": "size-in-bytes", "uuid": "a5c1a999-b172-493d-8796-9cc52c09119d", "value": "67472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754017", "to_ids": true, "type": "vhash", "uuid": "b1f0b8ca-5c67-4dac-9f54-1b4455c53f93", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754017", "to_ids": true, "type": "filename", "uuid": "9e4eaf7d-86ad-43ef-aaa6-0a24fc651851", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 05/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754017", "to_ids": false, "type": "text", "uuid": "230926ea-7718-48da-9230-543a1815d895", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Multiverze!rfn\nVT Total Detection:57/72\nFirst Submission:2014-09-20T14:10:58.000000+00:00\nLast Submission:2025-03-13T08:26:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760635", "uuid": "7e66534d-0b8a-4c64-a93f-61561ac3a840", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760635", "to_ids": true, "type": "md5", "uuid": "3b53fecb-335f-4e86-8df1-65ec1291bb52", "value": "34f80f228f8509a67970f6062075e211", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758059", "to_ids": true, "type": "sha1", "uuid": "a7ac4690-5356-4392-99c8-6622aa814016", "value": "33e6adb69029ff9800f99fda2bc8244373eaf439", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758059", "to_ids": true, "type": "sha256", "uuid": "64fadcf6-af2f-4e25-8a3b-8783f049bd48", "value": "f257018ee64cdf17156eb8929bbbf60d73382571b8c6b9c485d5b1774ae42df6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754040", "to_ids": true, "type": "ssdeep", "uuid": "8b051c4a-92f7-4001-9354-4cca713d75f4", "value": "1536:ZB4YOtCq1zbcWwABUP8mFAcc+AJLb0JUxf3cp8s/Vp4M:ZB4YOsqqWLs9AHJLbzPiNL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754040", "to_ids": false, "type": "size-in-bytes", "uuid": "6b7af676-ed3f-439a-b1ec-3ba1de9b4cda", "value": "67984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754040", "to_ids": true, "type": "vhash", "uuid": "a126a085-ec76-42d7-a7f6-33681f9ead94", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754040", "to_ids": true, "type": "filename", "uuid": "6c528d8c-bb69-4903-ac1c-7fe8340589f3", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 21/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754040", "to_ids": false, "type": "text", "uuid": "8d53af73-08ec-4f01-8e18-4d76c731fdb7", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:49/72\nFirst Submission:2022-07-26T17:40:19.000000+00:00\nLast Submission:2022-07-26T17:40:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760657", "uuid": "79b6db0d-ebdc-4184-b2cd-8870964b3ec2", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760657", "to_ids": true, "type": "md5", "uuid": "c3dd8eae-8d0a-4536-a5e8-3bd1ced79233", "value": "81ca7526881a0a41b6721048d2f20874", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758061", "to_ids": true, "type": "sha1", "uuid": "a829b2fa-6522-45cb-9caf-3eb9fc490ca8", "value": "0b7c55e84117871087470ca1b725929bc17da8e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758061", "to_ids": true, "type": "sha256", "uuid": "2c8c9b3d-ab1a-4deb-9781-417b609de8cb", "value": "4d31a81515ea04765b488dadc49acac4a2b81ca16eee1993ccd97b51a75510d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754061", "to_ids": true, "type": "ssdeep", "uuid": "7b1ea32f-1d6a-4690-bcbb-97dcba818f6c", "value": "1536:gQ25D4ND7MuMdUfTXEQh6hO9CW/WwpLpuhu/Cs/VplW:r25D4Uu/LUQIhOcPy4ArE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754061", "to_ids": false, "type": "size-in-bytes", "uuid": "c0a0f06f-4f61-4e69-8099-9a206968bdbb", "value": "67472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754061", "to_ids": true, "type": "vhash", "uuid": "0bb5361e-94f5-4eb0-9e22-9a796f8d4dfb", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754061", "to_ids": true, "type": "filename", "uuid": "b0a1ec6e-f7e3-4151-b77b-57ef57a36dbe", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 02/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754061", "to_ids": false, "type": "text", "uuid": "6cd676f7-54c9-4c42-a64e-f429e65e1dd0", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:56/72\nFirst Submission:2017-12-31T16:07:19.000000+00:00\nLast Submission:2025-07-13T01:21:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760678", "uuid": "8165d967-5018-4bfd-93ef-8ea7e80445b0", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760678", "to_ids": true, "type": "md5", "uuid": "268b6c09-6456-4c94-bf81-ecbc0fcf3998", "value": "d642c73d0577dd087a02069d46f68dac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758062", "to_ids": true, "type": "sha1", "uuid": "804761a5-f204-4f36-a945-6351bc45e361", "value": "bf74f4441295e3ffb8e39b59f49fe8555b5263a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy2", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758062", "to_ids": true, "type": "sha256", "uuid": "4f31cc4f-58af-4206-8eaa-1374ba2abd47", "value": "44e1c985a824a1da9f26ad1bc89d9341eebfcea73a5df4ba346651a32d2530b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754084", "to_ids": true, "type": "ssdeep", "uuid": "0042a314-7f5d-452b-94ca-dcba1a26b4ec", "value": "1536:uaC84Dahw5k6pCRrCxUbG3F9fDHBI7LLG+uTyL0s/VpzE:ubwmVpyCPfDHBIHOyRY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754084", "to_ids": false, "type": "size-in-bytes", "uuid": "8a825eb2-740e-40a8-b40c-b6922c3833fd", "value": "67472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754084", "to_ids": true, "type": "vhash", "uuid": "308a1b3f-4d1e-48da-89ef-77bbaaf7cf5d", "value": "06406e751d1e551519z36z55xz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754084", "to_ids": true, "type": "filename", "uuid": "583c9afa-8b50-4a6c-98cc-6c39eb079aa4", "value": "AMDIDE.SYS" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754084", "to_ids": false, "type": "text", "uuid": "6aabc2da-a92b-4e01-b004-5b71e33338cf", "value": "BlackEnergy2\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:50/72\nFirst Submission:2022-07-29T16:59:28.000000+00:00\nLast Submission:2022-07-29T16:59:28.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760699", "uuid": "3622b5ac-1e5b-4e53-af67-db1285b3c5f8", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760699", "to_ids": true, "type": "md5", "uuid": "1b036ca0-c688-4325-9e4b-0bea21b0e9ed", "value": "f0ebb6105c0981fdd15888122355398c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758063", "to_ids": true, "type": "sha1", "uuid": "d7918f13-9ed3-473e-9982-0eae295800fe", "value": "76c37109e82b711bc774be6553b1ec0ff1766508", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758064", "to_ids": true, "type": "sha256", "uuid": "c2125536-25e0-474e-b682-b175d40ba925", "value": "a30d850239efcb43154d7ae3240fac99e44498b1ab5d0c5220ec1adcfdb8188c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754106", "to_ids": true, "type": "ssdeep", "uuid": "eee8378c-fba1-4d99-918a-393d1bbf3e3b", "value": "768:nd8ZHFw8dHE5I/ir6xnQ15GJLqwAvIVZHifA9iDCSC:Klw8dHEGhDLl7VH0DC5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754106", "to_ids": false, "type": "size-in-bytes", "uuid": "8be1a5f9-e5ab-4e98-a907-e3b74aef77b2", "value": "41472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754106", "to_ids": true, "type": "vhash", "uuid": "da25b6f6-1bdb-480d-9b45-28a9e5bef82c", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754106", "to_ids": true, "type": "filename", "uuid": "20799ea1-bbf4-4400-9fbe-9b1a8d3a87c7", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754106", "to_ids": false, "type": "text", "uuid": "3e0cd2ee-05ce-400f-9459-1cdfd41e3c88", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:62/73\nFirst Submission:2014-06-15T21:23:08.000000+00:00\nLast Submission:2025-03-13T07:45:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760721", "uuid": "9cf89e4f-59ae-44a4-a1dc-b9b0c1093d38", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760721", "to_ids": true, "type": "md5", "uuid": "e9d2af0c-5558-49f7-ac14-41a6243db9eb", "value": "7cb6363699c5fd683187e24b35dd303e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758065", "to_ids": true, "type": "sha1", "uuid": "d33fe2be-d7bb-493d-96b3-b3753e6ac199", "value": "5273d38637ce2b12c78cf32031720bff657859b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758065", "to_ids": true, "type": "sha256", "uuid": "3cf2dd36-ee73-4cc4-bf04-6d2e8245162b", "value": "83bf068fecd54a6eff1089eeb6c9b2dda748324968f683a80247ae72e7866583", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754128", "to_ids": true, "type": "ssdeep", "uuid": "fe2b5f0c-bcd3-4f9c-a160-6e556e295d58", "value": "768:iQp3gYxrSYPs5ilguZ0iqwAvILZHifA9iDCSu:vvsYRZ0il7LH0DCd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754128", "to_ids": false, "type": "size-in-bytes", "uuid": "cd645b3a-686c-4b81-bac1-e43b0e8a79cb", "value": "40960" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754128", "to_ids": true, "type": "vhash", "uuid": "85d139e3-1d04-4540-a4d2-9772e195128a", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754128", "to_ids": true, "type": "filename", "uuid": "8a8d060f-0dbe-4ee8-a7b8-7b42a2b933cd", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 20/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754128", "to_ids": false, "type": "text", "uuid": "78deec8c-92ab-4333-ae61-807962378c02", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:63/73\nFirst Submission:2014-05-13T05:32:16.000000+00:00\nLast Submission:2025-03-19T17:36:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760742", "uuid": "2e29c2c6-8532-485e-9f15-f36971cd9875", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760742", "to_ids": true, "type": "md5", "uuid": "7b6f610a-31a2-4d51-8ce7-a343b856b0ea", "value": "4d5c00bddc8ea6bfa9604b078d686d45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758066", "to_ids": true, "type": "sha1", "uuid": "5ceccac3-9921-4237-9e3f-e29caf3c5b94", "value": "01a87225f9c285894cb2d4fbfcbaf879c8f6b3f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758066", "to_ids": true, "type": "sha256", "uuid": "d363ee3e-fb76-4582-b88f-930bf5afe167", "value": "d1d187ef930257ef6f1562d97d41339cef193e8cfe9137cfcf492ac9d29f2962", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754150", "to_ids": true, "type": "ssdeep", "uuid": "9f2ff339-a040-4339-a246-ce0e8f78a689", "value": "1536:LlS4QaRg1fNOIBfKvhl3WqHocLTXG19wgYivm/XJv:Lw2g1VfBfohl3fZTXAb6XJv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754150", "to_ids": false, "type": "size-in-bytes", "uuid": "8193827c-b18b-43d7-886f-8b1f2d1e0c0c", "value": "81408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754150", "to_ids": true, "type": "vhash", "uuid": "9ca82ecd-4dee-40e7-8f9b-294a7fd8a399", "value": "0840366555109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754150", "to_ids": true, "type": "filename", "uuid": "7991cb02-202f-4701-9a05-20de0fb4325e", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 29/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754150", "to_ids": false, "type": "text", "uuid": "9b845922-a9ad-4286-b52b-9b707a0a98d8", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.A\nVT Total Detection:61/72\nFirst Submission:2014-05-18T08:13:11.000000+00:00\nLast Submission:2025-03-13T07:51:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760763", "uuid": "08f39f5e-13be-48eb-bfa5-16b5cd40bcb1", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760763", "to_ids": true, "type": "md5", "uuid": "fd47f29e-ee86-4a42-8a6a-9cd3fac23b84", "value": "f37b67705d238a7c2dfcdd7ae3c6dfaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758068", "to_ids": true, "type": "sha1", "uuid": "ab46acb2-7418-4b14-9bda-f55bd37fe456", "value": "65efbd8216d4c1e03c4191e0efca3af0991e0256", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758068", "to_ids": true, "type": "sha256", "uuid": "d5703896-906e-4c63-85e0-d4817b1b533b", "value": "7c6eabb71278d4292c9883af18351ffdcd9e1e4f269b0236d40b680c996c935b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754172", "to_ids": true, "type": "ssdeep", "uuid": "89af2511-3d2c-4fe2-b87e-58d8c03dfadb", "value": "768:qoxonpqlnPfATowHHdvDiHFqwAfishoGpPn9:qo3gTJLiHFlNsLPn9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754172", "to_ids": false, "type": "size-in-bytes", "uuid": "4dd49a8a-e66c-462b-9dd3-b7c110dd30b1", "value": "43008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754172", "to_ids": true, "type": "vhash", "uuid": "b62193dc-8e47-474c-b9bf-59c5db6e070a", "value": "044046751515109043z800467z47z62z4403cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754172", "to_ids": true, "type": "filename", "uuid": "622e4497-c273-4e3f-87cd-f26cefcc17cb", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754172", "to_ids": false, "type": "text", "uuid": "a29ee060-a7a0-4b7a-934b-cf3bce646c45", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:61/73\nFirst Submission:2014-04-15T18:42:41.000000+00:00\nLast Submission:2025-03-13T07:49:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760785", "uuid": "659dafb0-6b92-4fdd-b840-9b2034cd4fd1", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760785", "to_ids": true, "type": "md5", "uuid": "a9c699a6-4c59-4111-a0cf-9996d14dd4b4", "value": "46649163c659cba8a7d0d4075329efa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758069", "to_ids": true, "type": "sha1", "uuid": "d71ce68e-fe4b-40d3-9aba-1759a5f82af1", "value": "d50ef48d516f631bacc75d3a4d67052878c02a57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758069", "to_ids": true, "type": "sha256", "uuid": "3d20ba2d-2772-43f5-9f27-ba5a52308507", "value": "80fd4a851cbc8128368b900cda47d5087939bfe82ab893327f2871e61a14d9b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754194", "to_ids": true, "type": "ssdeep", "uuid": "f15649ac-fefe-41de-aea3-4eb45b4c7595", "value": "768:q9hVhszRXX85y5bYzpoZYUwSh8aPwAvuHnaNZHifA9iDCS8:qfsdXM1poZYUwE8BPGH0DCX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754194", "to_ids": false, "type": "size-in-bytes", "uuid": "a419ff10-bce1-440c-9a0f-ac53eccff325", "value": "43520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754194", "to_ids": true, "type": "vhash", "uuid": "312e6da4-7b42-4b08-9085-c08943fdaa8f", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754194", "to_ids": true, "type": "filename", "uuid": "a9232339-1606-484c-b0c8-6fd33e36899f", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754194", "to_ids": false, "type": "text", "uuid": "220d2097-bb9e-4cb4-9cd3-eab3d37a0d77", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:58/73\nFirst Submission:2014-06-27T10:27:36.000000+00:00\nLast Submission:2025-03-13T08:24:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760807", "uuid": "2305ae1c-d0f9-46fd-aa43-3365cf883712", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760807", "to_ids": true, "type": "md5", "uuid": "3b79435f-d6bf-4df6-ab64-10b70665ed1b", "value": "628ef31852e91895d601290ce44650b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758070", "to_ids": true, "type": "sha1", "uuid": "45d4f75c-df7c-4014-867d-58a380a59e69", "value": "ee0adc75d5ad7369baf27d380cb03250c73c0c46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758070", "to_ids": true, "type": "sha256", "uuid": "91af7227-33ae-4b38-8644-2606f2ffbd7e", "value": "eab8371012a132d43100ff2d27a8c0cb9b5e48f96b0772bd7205227496447205", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754215", "to_ids": true, "type": "ssdeep", "uuid": "968df90a-3f16-416a-98e0-b5dc4d81654c", "value": "1536:VwOrSdcCw7jzs6ZVDd2SR8I/tr+TSw5vwqFAU0199vVFAQVT6YfXJv:JrSWPjQQVIc8I5WSw5vV0v2QvXJv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754215", "to_ids": false, "type": "size-in-bytes", "uuid": "0b86849c-122a-4b2c-96a8-3ad44981cc3d", "value": "93696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754215", "to_ids": true, "type": "vhash", "uuid": "cd17fc1d-dcd2-448a-99f5-1f8a79876db5", "value": "0940366515109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754215", "to_ids": true, "type": "filename", "uuid": "10cd15bf-e0a7-48a7-8a34-3e10b0b6dcab", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 28/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754215", "to_ids": false, "type": "text", "uuid": "19821505-2151-4d98-ba22-a6c1661ad49a", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet!rfn\nVT Total Detection:62/72\nFirst Submission:2014-06-30T14:18:30.000000+00:00\nLast Submission:2025-03-13T07:48:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760828", "uuid": "cbaac2cb-4270-4dea-9b34-1bff0af63f4b", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760828", "to_ids": true, "type": "md5", "uuid": "638db17b-4858-4bc1-9458-6e828f01549a", "value": "8b9f4eade3a0a650af628b1b26205ba3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758072", "to_ids": true, "type": "sha1", "uuid": "85b1fcb6-f559-43b8-ae8b-438d819da4c2", "value": "d5d90d920fe428f9b10e503556ee576909ba167c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758072", "to_ids": true, "type": "sha256", "uuid": "cd7d8123-4d61-4e2d-a090-4d1795b2fc35", "value": "e052ea4fbc3aeed1e46df6966bb60c29c6e706ba8fd737fd9ab414fc29189345", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754258", "to_ids": true, "type": "ssdeep", "uuid": "a50045dc-5ff2-4c2f-a60b-558b33eed810", "value": "1536:O81tA6y/TnlUuhg87jD5ZvjsVBkd/CgYzEYtUSZri1YifTkm/XJv:71dy/jzj7jDg8d/LkEdSZrc1XJv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754258", "to_ids": false, "type": "size-in-bytes", "uuid": "7429160f-6ca4-445b-9089-e65f4ad95247", "value": "82944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754258", "to_ids": true, "type": "vhash", "uuid": "e73cb429-578d-4b79-a4ee-7072878c5f4c", "value": "0840366555109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754258", "to_ids": true, "type": "filename", "uuid": "382e7af9-57cd-4e96-a767-8b147f76ca2d", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754258", "to_ids": false, "type": "text", "uuid": "822c1264-4b54-4055-b5be-bf1e7e4d84fd", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.A\nVT Total Detection:60/72\nFirst Submission:2014-04-15T18:43:04.000000+00:00\nLast Submission:2025-03-13T08:13:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760849", "uuid": "addb19ae-d73c-40d3-9c52-d5957e5cc569", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760849", "to_ids": true, "type": "md5", "uuid": "062ef545-71da-4e91-82e8-691dedb97c70", "value": "6c1996c00448ec3a809b86357355d8f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758073", "to_ids": true, "type": "sha1", "uuid": "684edcd0-0769-42ce-90f2-1ec08afef29f", "value": "ccad2a8b1a6d6108954d693e26209028356e8418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758073", "to_ids": true, "type": "sha256", "uuid": "c064e5ea-a61b-434c-b72c-a87b96957fad", "value": "cef12f7a9dfb22f65282251bd1e98e4cd8dc68e747b74c90ceff3ef26f76f894", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754301", "to_ids": true, "type": "ssdeep", "uuid": "b0fbac64-b6ad-41f0-a366-4d84188402be", "value": "1536:pKq1kJTacKNqZZAC3/EVXnXTofM/JifnwdSbH76UzlFYfXJq:p2WNcaCPEVnEMmtHGUIXJq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754301", "to_ids": false, "type": "size-in-bytes", "uuid": "d6d339b2-5bf7-4bbe-9219-fd99a203b2f2", "value": "95744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754301", "to_ids": true, "type": "vhash", "uuid": "9295160f-32e5-40f3-a2b5-c22135017fb3", "value": "0940366515109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754301", "to_ids": true, "type": "filename", "uuid": "f1d37a1e-03cc-4158-9711-6724380a1926", "value": "ccad2a8b1a6d6108954d693e26209028356e8418.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754301", "to_ids": false, "type": "text", "uuid": "eab3ac35-7a57-4464-9ee3-e6bc794ae419", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.W\nVT Total Detection:60/73\nFirst Submission:2014-08-26T01:10:54.000000+00:00\nLast Submission:2025-03-13T08:20:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760870", "uuid": "1075eaec-2029-4af2-844c-ba40a8b78815", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760870", "to_ids": true, "type": "md5", "uuid": "ea72a161-432a-4648-8b7d-56edef139fad", "value": "faab06832712f6d877baacfe1f96fe15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758073", "to_ids": true, "type": "sha1", "uuid": "a5fb4808-7d14-409e-ab5d-6cd9f11c689a", "value": "e3a02c96d2c7e61a74cb8bd6e63d130dfe98ce95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758074", "to_ids": true, "type": "sha256", "uuid": "9d9efe3f-8796-4a9e-a60c-391e3c1ba02a", "value": "d436eb0f025deb07719ecb98ddfc16dcbfed9d3045669d6d36f904dd7c761123", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754323", "to_ids": true, "type": "ssdeep", "uuid": "55d318b3-86cc-469c-b71e-4ed8fed3a311", "value": "768:ZVPQrSRefTPhjAU6EgrbuVzjzkh8aPwAv2HBaNZHifA9iDCSxN:XoGerpMU6FrbuVfa8BrcH0DC4N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754323", "to_ids": false, "type": "size-in-bytes", "uuid": "5306b9ac-5599-4902-baf6-ea26f19bd0a2", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754323", "to_ids": true, "type": "vhash", "uuid": "0b84c200-8688-4f17-b9b8-0caceebd2553", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754323", "to_ids": true, "type": "filename", "uuid": "12260656-9cc0-4cdc-981a-765c6a45d116", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 14/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754323", "to_ids": false, "type": "text", "uuid": "b2fa32f0-639e-417c-b662-2aca0b2914b2", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:61/73\nFirst Submission:2014-08-23T07:34:30.000000+00:00\nLast Submission:2025-03-13T08:21:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760892", "uuid": "948c2efa-544f-4052-8267-5be1d37292d0", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760892", "to_ids": true, "type": "md5", "uuid": "c61e2cd6-71a7-4cc5-8bf7-e6d33949710b", "value": "2c72ef155c77b306184fa940a2de3844", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758074", "to_ids": true, "type": "sha1", "uuid": "281b6638-2945-4291-8077-26a4a5c5dd6a", "value": "abb52394aa4f753a479c7edc2dc6ceb6f0dbee33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758074", "to_ids": true, "type": "sha256", "uuid": "f5dbc1e2-4270-456c-85bf-ba85201e5fab", "value": "6d4d0715b274bd8331e67b064416e0806d1c0941930ba9ee6e4bac0eb360f7e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754344", "to_ids": true, "type": "ssdeep", "uuid": "5e902f07-e8f7-4aa7-a8c1-ce4b0ce58dda", "value": "1536:Vl151zD5aMHPlJbORzyliZb1/Kt2rqIGWaJtYfXJq:VbP3JbAOMZb1/KsuG0CXJq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754344", "to_ids": false, "type": "size-in-bytes", "uuid": "8cbb4023-e583-4f31-8830-61546d42abb1", "value": "95744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754344", "to_ids": true, "type": "vhash", "uuid": "71c52f13-762e-4e32-b5c4-0a2b7a248209", "value": "0940366515109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754344", "to_ids": true, "type": "filename", "uuid": "e1b64eb8-ba0e-41c7-8b81-47802322fe2a", "value": "abb52394aa4f753a479c7edc2dc6ceb6f0dbee33.codex" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754344", "to_ids": false, "type": "text", "uuid": "8dae47c1-c358-4360-8a61-68b4433d0e09", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Sisproc!gmb\nVT Total Detection:61/73\nFirst Submission:2014-08-26T00:47:08.000000+00:00\nLast Submission:2025-03-13T08:06:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760913", "uuid": "56ef704e-c0da-4462-b4d5-ec2ad0e664a7", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760913", "to_ids": true, "type": "md5", "uuid": "c9ea2c1a-a143-4d4d-915b-14985d4a0403", "value": "2e62e8949d123722ec9998d245bc1966", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758076", "to_ids": true, "type": "sha1", "uuid": "e56d11d1-0fa3-4d19-bff3-2b683eaf9749", "value": "6a0904e9e50f7f5f6eff0f7b1ff76901e76040fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758076", "to_ids": true, "type": "sha256", "uuid": "9aa63681-4049-43e8-962e-3c1a66ae34f6", "value": "5ce1bb3d0c2f643292367a85fb59ff263396dc93a5c005bc2db33863ef9c9114", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754366", "to_ids": true, "type": "ssdeep", "uuid": "4c07e88f-090d-40a7-9897-e2d62ffb9f2f", "value": "768:hlkFFc1ZAZvgOVFYOx8aPwAv2HzaNZHifA9iDCSMN:hWETO7KOx8BrqH0DC1N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754366", "to_ids": false, "type": "size-in-bytes", "uuid": "83f244a8-8fce-4d23-855b-d967e5d56ed8", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754366", "to_ids": true, "type": "vhash", "uuid": "437f5509-cae4-496b-96a6-a734159f87eb", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754366", "to_ids": true, "type": "filename", "uuid": "9f4b3528-47b5-4aa0-bc95-78f2384b377b", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 12/06/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754366", "to_ids": false, "type": "text", "uuid": "c80287a2-3a51-4303-a625-98b708e80550", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:61/72\nFirst Submission:2014-08-23T07:32:12.000000+00:00\nLast Submission:2025-03-13T08:23:08.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760934", "uuid": "ac5af91f-8a52-4d73-96ba-6e6374826ce4", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760934", "to_ids": true, "type": "md5", "uuid": "4203ccd9-6f1e-450c-939a-3bb90728bbf0", "value": "b0dc4c3402e7999d733fa2b668371ade", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758077", "to_ids": true, "type": "sha1", "uuid": "ae572cac-9c8b-4107-a44d-ec02b87755c6", "value": "2ff3b1e5a310983f7dd81daad89e9f1ba262a0e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758077", "to_ids": true, "type": "sha256", "uuid": "8720f9b3-b3c9-4733-98ec-213dbaa8d31b", "value": "0f63c8f8f080aff491ffb5bb4fcbb23a4719f86df9435e06af42f835b31dc79b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754388", "to_ids": true, "type": "ssdeep", "uuid": "2d9ed6ce-5ea8-4bff-abc8-c3d9ee19020c", "value": "1536:yiNwBoi0SO4IAY/NyUalEEiGNgEjStwf31ZOjaln/qjPJI2xkDhvHbt+U9:yiZix7rY/wPE3EjSqvb22uPF4hv7tF9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754388", "to_ids": false, "type": "size-in-bytes", "uuid": "cb0cc9d6-96d9-43b9-b92a-8e211bd7564b", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754388", "to_ids": true, "type": "vhash", "uuid": "e73ae157-209a-482b-9c8d-90905bb23d99", "value": "015046655d1513z14z65hz13z9fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754388", "to_ids": true, "type": "filename", "uuid": "7e49e74e-59fd-4d24-816d-1a8a559e7249", "value": "CHMView.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754388", "to_ids": false, "type": "text", "uuid": "8a165f52-5cf3-49b0-82b4-6f427c3f4a4a", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.W\nVT Total Detection:57/73\nFirst Submission:2014-09-08T19:44:31.000000+00:00\nLast Submission:2025-03-13T08:02:32.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760955", "uuid": "aae65eb7-2511-4d87-bdc0-f578d7ff3efe", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760955", "to_ids": true, "type": "md5", "uuid": "0c551923-767c-40cd-af19-faa3c9760975", "value": "93fa40bd637868a271002a17e6dbd93b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758078", "to_ids": true, "type": "sha1", "uuid": "1369101e-602d-4a39-8d8f-c59e9de290ee", "value": "64a685ac62b23c5a2f7cf649d2a1693cb981b471", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758078", "to_ids": true, "type": "sha256", "uuid": "c5931697-9a5d-457a-ad36-46364d4f5c82", "value": "9743393ed424fd5125dbf76cc465ec4203327d0e4b289e4c73e9d454e76f87b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754410", "to_ids": true, "type": "ssdeep", "uuid": "fa05cd72-a292-45bd-b004-6752d5e39d86", "value": "768:R0Yj6NZDAgWmuyEJyFzmHnNumlR2GZ+IK8aPwAv2HZa7ZHifA9iDCSBN:R7rm1FzmHnNuonlK8BraH0DCEN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754410", "to_ids": false, "type": "size-in-bytes", "uuid": "c874077e-9053-4827-8661-26a1869be6c8", "value": "44544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754410", "to_ids": true, "type": "vhash", "uuid": "068ce219-a175-4972-a901-07d60c2295be", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754410", "to_ids": true, "type": "filename", "uuid": "fa3d8f7d-8b60-4a0a-a884-4bccde58f95c", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 22/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754410", "to_ids": false, "type": "text", "uuid": "7b6754e1-1b66-49f6-bb13-93596392b5b2", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:62/73\nFirst Submission:2014-09-08T19:14:30.000000+00:00\nLast Submission:2025-03-13T08:29:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760977", "uuid": "fec31c1b-3abd-4526-9019-69f2a3ff189c", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760977", "to_ids": true, "type": "md5", "uuid": "5ee997d4-a031-4d12-93e5-20ec0218c470", "value": "f98abf80598fd89dada12c6db48e3051", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758079", "to_ids": true, "type": "sha1", "uuid": "81f1f24b-fd81-4ed3-9df2-aa3673f58412", "value": "306654422bb2c4af6b8e30ddc2fb7c60cc1fb9f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758079", "to_ids": true, "type": "sha256", "uuid": "a9e68dda-2e64-416a-a737-c346221aa13d", "value": "ab2e3874007dab0cb26ddcf8d58b821b4f5924751a75850b568cd48dd6be9519", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754432", "to_ids": true, "type": "ssdeep", "uuid": "c2a5706e-c55f-419c-ae19-ae47f2a83d98", "value": "768:2JAMjU6e14RhvwKHvPvPD4UfHbVF9FP68aPwAv2Hta7ZHifA9iDCSEN:yNf5vwKXX8Uf7j68BrWH0DCdN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754432", "to_ids": false, "type": "size-in-bytes", "uuid": "a22c76bd-18ba-4539-88ec-af14ee6cf72d", "value": "44032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754432", "to_ids": true, "type": "vhash", "uuid": "6262e4df-28d1-4a52-9650-3dae51b57291", "value": "1440467555151080105001c00837z3065z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754432", "to_ids": true, "type": "filename", "uuid": "6d8755e2-9732-4b2b-bdcd-fbee6815a326", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 16/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754432", "to_ids": false, "type": "text", "uuid": "79c81cea-dc6d-477d-8437-9b3bfb869db2", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:60/73\nFirst Submission:2014-09-02T09:23:10.000000+00:00\nLast Submission:2025-03-13T08:08:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771760998", "uuid": "53869195-3746-45fd-86c5-2b1967a76dab", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771760998", "to_ids": true, "type": "md5", "uuid": "f2dc36a4-72cf-48de-bae1-c92bf03b7f55", "value": "8a7c30a7a105bd62ee71214d268865e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758081", "to_ids": true, "type": "sha1", "uuid": "b4fbb7fd-9732-46ac-92ae-60d8ede75cba", "value": "61a6d618bb311395d0db3a5699a1ab416a39d85b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758081", "to_ids": true, "type": "sha256", "uuid": "05b18409-e015-4f6b-a50f-88ffab28c438", "value": "0fda6c118fb7dc946440cb9225e32ab1825d87d4f088bb75a6eab7cef35433bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754454", "to_ids": true, "type": "ssdeep", "uuid": "679507f0-5c78-4a85-a6c4-bdb6fb4dd656", "value": "3072:iZqJoYqOcMejjcRpyNrKjan4L2IUhv7tF9:2NMkJNeKFN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754454", "to_ids": false, "type": "size-in-bytes", "uuid": "d066ab2f-bdc8-4718-9251-30fb3b20d6ec", "value": "108544" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754454", "to_ids": true, "type": "vhash", "uuid": "1d598bd6-0155-436f-9505-478e1e31fdfe", "value": "015046655d1513z14z65hz13z9fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754454", "to_ids": true, "type": "filename", "uuid": "0c61f448-db97-4ef8-a1a3-429e18f9efe0", "value": "CHMView.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 02/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754454", "to_ids": false, "type": "text", "uuid": "aa5f8c6f-358c-41a2-93a1-2fd1dd072270", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.X\nVT Total Detection:61/72\nFirst Submission:2014-09-20T12:37:52.000000+00:00\nLast Submission:2020-09-23T11:55:19.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771761019", "uuid": "fd639fda-e712-4b52-82df-e91e4adc2e65", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771761019", "to_ids": true, "type": "md5", "uuid": "7cc46193-1582-4bce-a567-01189ec0331b", "value": "2f6582797bbc34e4df47ac25e363571d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758082", "to_ids": true, "type": "sha1", "uuid": "2c819529-b1eb-4a8b-ae7e-e46ade589fd8", "value": "9eb478c4d222f9630139aa82f343083e8ca13f11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758082", "to_ids": true, "type": "sha256", "uuid": "08a0d407-a500-4781-a562-3db60bf36f18", "value": "3c568ecf5d91867a5ea69c8ba8a2a6536bfb7c4cd2072bd3688b9aedb6177ae4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754476", "to_ids": true, "type": "ssdeep", "uuid": "aa38749b-1a07-46c6-a02a-a249f86ef293", "value": "768:RluXf6UXlm4VcuTHhJUNTwnLKz97/8aPwAv2HTabZHifA9iDCSaN:Ro6UXllnTHheNB8BrUH0DCjN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754476", "to_ids": false, "type": "size-in-bytes", "uuid": "131f4885-ce32-4e83-8ae7-020d2368c42c", "value": "45568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754476", "to_ids": true, "type": "vhash", "uuid": "398c542f-f4c4-42b9-8fc5-d8bcca8e2eaa", "value": "144056755515151080105001c00837z37z52z8003cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754476", "to_ids": true, "type": "filename", "uuid": "bfff19e5-09d3-4f6f-b0c3-2e6ecc0e0b61", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 15/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754476", "to_ids": false, "type": "text", "uuid": "2dd7e63e-c205-4f0b-97a0-6c942abc9207", "value": "BlackEnergy3\r\nType Description: Win32 DLL\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:63/73\nFirst Submission:2014-09-20T08:47:39.000000+00:00\nLast Submission:2025-03-13T07:45:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771761041", "uuid": "ddeb6e0e-3c68-48e0-aa60-1154be9e1d7a", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771761041", "to_ids": true, "type": "md5", "uuid": "1391385a-9ba5-43a7-bf9e-192cb36b722a", "value": "81d127dd7957e172feb88843fe2f8dc1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758083", "to_ids": true, "type": "sha1", "uuid": "c253f8e2-f1c4-4876-9ae9-2823a0f6b11a", "value": "5f69122af9b8a3f941b4c548b09ea32e98199d22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758083", "to_ids": true, "type": "sha256", "uuid": "2234ae1e-cca0-4fbc-a42d-41a16a406f60", "value": "d9845fc01e8164c4f2f70aade82bddba331cb7a386bebd81fc715d12b893fb7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754498", "to_ids": true, "type": "ssdeep", "uuid": "1b01e611-4adf-47e0-8ba5-0f40c2a244ab", "value": "1536:OkTt5bhnWcjGWKfHRxEnKrZESnnPR8pr+iG14SsTm/XJv:J5bhnWGdUHnEnKlrnOKDskXJv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754498", "to_ids": false, "type": "size-in-bytes", "uuid": "2ea34e92-9163-49f6-beb4-f24e46fb0cbb", "value": "82944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754498", "to_ids": true, "type": "vhash", "uuid": "0cdbb411-3f39-4331-8c8a-c06d2fb582c1", "value": "0840366555109043z8003b7z47z62z3e03dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754498", "to_ids": true, "type": "filename", "uuid": "5924c372-6f70-496b-b164-9b59ef0e634f", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 24/12/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754498", "to_ids": false, "type": "text", "uuid": "d78aaf43-e53f-465a-b26f-abb877edc77e", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Grenerb.B\nVT Total Detection:58/72\nFirst Submission:2014-10-10T23:50:47.000000+00:00\nLast Submission:2025-03-13T08:27:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771761062", "uuid": "1761a311-dac6-4966-aa1a-980fa37ece91", "Attribute": [ { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771761062", "to_ids": true, "type": "md5", "uuid": "80e25418-41c9-45da-9149-230fe40b4872", "value": "3e25544414030c961c196cea36ed899d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771758084", "to_ids": true, "type": "sha1", "uuid": "afb66804-2b85-43ff-bf22-2fa6ecb8e95b", "value": "68cc3cd5433101a9e3ad5cb7e483130e659e4af2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "BlackEnergy3", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771758084", "to_ids": true, "type": "sha256", "uuid": "a0d7fcc0-54c3-4066-ba54-c672d28c861d", "value": "23f9272cb2f08dfe5c847ba7764d003310d26585b22ebd1d8d77935907474235", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771754519", "to_ids": true, "type": "ssdeep", "uuid": "60844289-d863-4434-89d4-2ff8d77f1600", "value": "768:Mm5y8CX0NuFVzIa6uDVlzE533JT8IRLqwAfiIhoGpPnC:a5XguLH6uVlzY33LRLlNILPnC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771754519", "to_ids": false, "type": "size-in-bytes", "uuid": "4799f6fb-1744-4344-889e-194c492049e3", "value": "43520" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771754519", "to_ids": true, "type": "vhash", "uuid": "06e65db2-e688-4bad-8b90-4e998f90ccb9", "value": "044046751515109043z800467z47z62z4403cz1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771754519", "to_ids": true, "type": "filename", "uuid": "d4f099a9-4c10-4fef-8f33-cb5b23a257c7", "value": "msiexec.exe" }, { "category": "Other", "comment": "Checked: 22/02/2026\nLast-scan\t: 13/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771754519", "to_ids": false, "type": "text", "uuid": "87aa4571-9cd6-4a87-b02e-8904ea707c04", "value": "BlackEnergy3\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Phdet.V\nVT Total Detection:56/73\nFirst Submission:2014-10-10T23:53:35.000000+00:00\nLast Submission:2025-03-13T08:28:00.000000+00:00" } ] } ] } }