{ "Event": { "analysis": "1", "date": "2017-09-20", "extends_uuid": "", "info": "[Threat Intel] Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware", "protected": false, "publish_timestamp": "1772419527", "published": true, "threat_level_id": "2", "timestamp": "1772419525", "uuid": "d5fd014a-aa75-47aa-8968-58e4668bae94", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": "" }, { "colour": "#31373d", "local": false, "name": "rectifyq:MY-relevancy=\"not-relevant\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"Mandiant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT33\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"South Korea\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Civil Aviation\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Energy\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Military\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Petrochemical\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-groups=\"APT33\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#dff146", "local": false, "name": "IT-impact-ICS", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1771885237", "to_ids": false, "type": "link", "uuid": "d1ad36c3-2ca2-49e1-a2b5-4f4d0db7467c", "value": "https://cloud.google.com/blog/topics/threat-intelligence/apt33-insights-into-iranian-cyber-espionage/" }, { "category": "Network activity", "comment": "APT33 Domains Likely Used in Initial Targeting", "deleted": false, "disable_correlation": false, "timestamp": "1771886732", "to_ids": true, "type": "hostname", "uuid": "128914cd-0b6e-4851-b100-89da8cb20eb5", "value": "boeing.servehttp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains Likely Used in Initial Targeting", "deleted": false, "disable_correlation": false, "timestamp": "1771886754", "to_ids": true, "type": "hostname", "uuid": "c571c765-15a3-4703-aafe-1dbc7000c649", "value": "alsalam.ddns.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains Likely Used in Initial Targeting", "deleted": false, "disable_correlation": false, "timestamp": "1771886776", "to_ids": true, "type": "hostname", "uuid": "5f492ff8-4eae-4b30-8893-7f6fc13dd8de", "value": "ngaaksa.ddns.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains Likely Used in Initial Targeting", "deleted": false, "disable_correlation": false, "timestamp": "1771886797", "to_ids": true, "type": "hostname", "uuid": "863412e4-94f4-46db-9024-75c6a4ddc4d1", "value": "ngaaksa.sytes.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains Likely Used in Initial Targeting", "deleted": false, "disable_correlation": false, "timestamp": "1771886818", "to_ids": true, "type": "hostname", "uuid": "d8db1dbb-cbd4-467a-a1c6-9af5fd2a2f5b", "value": "vinnellarabia.myftp.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886840", "to_ids": true, "type": "domain", "uuid": "053f01e0-097b-4760-957d-d622f7aa1e82", "value": "managehelpdesk.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886861", "to_ids": true, "type": "domain", "uuid": "32ddea96-4c65-427a-a71c-865371670f06", "value": "microsoftupdated.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886883", "to_ids": true, "type": "domain", "uuid": "1d47c70c-af13-4bb3-94f3-d4a0f5eb9089", "value": "osupd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886904", "to_ids": true, "type": "hostname", "uuid": "e216674f-a733-44d8-a1c8-f91d21714117", "value": "mywinnetwork.ddns.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886926", "to_ids": true, "type": "hostname", "uuid": "f07f5c4e-9ccf-4002-8493-8b49a052a101", "value": "www.chromup.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886947", "to_ids": true, "type": "hostname", "uuid": "3f45b7d9-b7ab-439c-ac0b-4ea6916cb131", "value": "www.securityupdated.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886968", "to_ids": true, "type": "domain", "uuid": "2e4d5cdd-df44-4f77-a905-a70242ab7f73", "value": "googlmail.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771886990", "to_ids": true, "type": "domain", "uuid": "a4c137cd-1bec-4569-adee-938125d63130", "value": "microsoftupdated.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771887011", "to_ids": true, "type": "hostname", "uuid": "9e5ffdae-84ba-44f9-9664-47aa377e9c2e", "value": "syn.broadcaster.rocks", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "APT33 Domains / IPs Used for C2", "deleted": false, "disable_correlation": false, "timestamp": "1771887033", "to_ids": true, "type": "hostname", "uuid": "2f44c930-a063-4813-aaf0-99079e50dfca", "value": "www.googlmail.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887054", "uuid": "50a68a21-23db-4f52-bf85-457fa6e015be", "Attribute": [ { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887054", "to_ids": true, "type": "md5", "uuid": "c913986c-81d6-4c5b-92a0-8a68cd969f80", "value": "3f5329cf2a829f8840ba6a903f17a1bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886682", "to_ids": true, "type": "sha1", "uuid": "b7d3e9fd-23fb-4eee-99e9-e6e7928a4af2", "value": "2ca10a4119848fbd31c5682f2c85d09033fe2384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886682", "to_ids": true, "type": "sha256", "uuid": "346c9416-0c47-420f-adbc-a84be163b80c", "value": "f155d2652aba7a9d044cd168a1e9b6c9ba56258fb553c7aba9c78d7c332a986f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885757", "to_ids": true, "type": "ssdeep", "uuid": "7bf85693-6a1f-436f-a09c-1430a139dfe6", "value": "12288:8uEy7X8MBatKWaSvzGb8QB6TvVMSW0kgMfTX2LolykCjJ:Gyj8MBw2IzA0TvVMS1MtUrV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885757", "to_ids": false, "type": "size-in-bytes", "uuid": "05f2196b-9b39-4096-938c-f476f5ff542a", "value": "612352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885757", "to_ids": true, "type": "vhash", "uuid": "26046407-e394-4465-95b8-72ee975b0e51", "value": "265036655512107c633a72102" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885757", "to_ids": true, "type": "filename", "uuid": "acb88e9a-a588-411c-a613-bcc4fc7e7f3b", "value": "Chrome Update.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885757", "to_ids": false, "type": "text", "uuid": "e3382cf4-0cb9-4448-9c96-a1e3d61c5996", "value": "Publicly Available Tools used by APT33\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Noancooe\nVT Total Detection:60/72\nFirst Submission:2017-01-18T05:50:56.000000+00:00\nLast Submission:2023-06-04T23:10:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887076", "uuid": "a336a703-b10d-4d3d-b638-1cea78e5641f", "Attribute": [ { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887076", "to_ids": true, "type": "md5", "uuid": "32949c89-5a6d-4e71-835d-f4379cf8a754", "value": "10f58774cd52f71cd4438547c39b1aa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886684", "to_ids": true, "type": "sha1", "uuid": "a75436c4-9274-4dbc-a94b-7e27325f4b34", "value": "59ee1803f381531ddefdc09219e551e13147c26f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886684", "to_ids": true, "type": "sha256", "uuid": "d5c29383-cc76-4e44-ac0f-2884a6a5d2f4", "value": "f8d081c047c4d283d2982dd3284d815ad7c58e0fedf8ebfb4993c919c7fb21da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885780", "to_ids": true, "type": "ssdeep", "uuid": "b224fb6b-47e3-4575-8404-10abcc91ee07", "value": "3072:uPNGxQM8Q2yPKSRV9VuEy3JnFImUujbA+i1apSVsarxxdYQLt3U:oRySSZ/ytFHb5jOsarPm6lU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885780", "to_ids": false, "type": "size-in-bytes", "uuid": "8611f06d-1790-45f9-bb2e-c96b703358e5", "value": "133632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885780", "to_ids": true, "type": "vhash", "uuid": "74a0f264-12c1-417e-8e15-5824e0ed768e", "value": "215036651511709a3a1160150" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885780", "to_ids": true, "type": "filename", "uuid": "ff127d72-37cc-410a-a58d-cbbbafd7403a", "value": "Client.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885780", "to_ids": false, "type": "text", "uuid": "a2051b7f-0a66-4631-9cfb-ff22b0d6b2b0", "value": "Publicly Available Tools used by APT33\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Nanocore!atmn\nVT Total Detection:64/72\nFirst Submission:2017-03-30T05:46:26.000000+00:00\nLast Submission:2022-12-25T08:28:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887097", "uuid": "cf8e55e7-2bd9-4683-b1e1-f04867bb4ad6", "Attribute": [ { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887097", "to_ids": true, "type": "md5", "uuid": "604c0470-3415-4402-9577-b548cf5bc3f0", "value": "663c18cfcedd90a3c91a09478f1e91bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886685", "to_ids": true, "type": "sha1", "uuid": "3e59c466-6d7b-4e40-bdc9-c796fdeb4e4b", "value": "e1d4312eb03b7aa50693a87057f7dc434d04ec3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886685", "to_ids": true, "type": "sha256", "uuid": "3fcd6ed6-9410-4fb3-b737-a9f1b1106ddb", "value": "8da0100edaf820a26a4ea5db48e56fda545e3b54ac919cbb776926133510dbc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885801", "to_ids": true, "type": "ssdeep", "uuid": "675aac44-5c25-4503-8a29-13f369e19e14", "value": "6144:oQxJJeNfXT90cPaSfX1z2fnwFJAjufUbxztSzOK14NGZ2:dmWfSfx2fwTGkyRSzOK14a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885801", "to_ids": false, "type": "size-in-bytes", "uuid": "88b12078-773c-484a-8ae3-e8dab8bca46d", "value": "395264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885801", "to_ids": true, "type": "vhash", "uuid": "673cb4ef-5b51-4989-a57d-f6bd8c8770f4", "value": "235036751512101013a33fd14f0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885801", "to_ids": true, "type": "filename", "uuid": "3c69115a-b0fe-49ec-bc70-501f170ba760", "value": "FileApp.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885801", "to_ids": false, "type": "text", "uuid": "0386a898-8213-49c8-a058-411369002833", "value": "Publicly Available Tools used by APT33\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!MSR\nVT Total Detection:57/72\nFirst Submission:2016-07-18T15:32:31.000000+00:00\nLast Submission:2022-09-04T09:09:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887118", "uuid": "d52d31c9-8f4b-4fba-8e8a-827e1e4b740e", "Attribute": [ { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887118", "to_ids": true, "type": "md5", "uuid": "c80c29db-d035-48f0-b45f-cff096174859", "value": "6f1d5c57b3b415edc3767b079999dd50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886686", "to_ids": true, "type": "sha1", "uuid": "3bf21652-f293-465c-b6d7-fd28013599d4", "value": "4c93812daff305a4a9942613f0a9f2ee2120d187", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Publicly Available Tools used by APT33", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886686", "to_ids": true, "type": "sha256", "uuid": "f4cbb633-56aa-4afd-9647-a49470af8591", "value": "f9f90557fca9b219f73f55e987ba8d5ff40e623143a3a05c77287634a9708486", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885823", "to_ids": true, "type": "ssdeep", "uuid": "6f118d52-8f9a-4e6b-9950-e5e9ea21ead7", "value": "6144:X6d30w6+NhJWgmRA5OzXlppA4ro/R+nXEUiwgk86mCdyEFN2:X6d16HA5OzxroAnXEjY86HlN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885823", "to_ids": false, "type": "size-in-bytes", "uuid": "2b962932-7741-48cf-9960-c30575e24e81", "value": "388096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885823", "to_ids": true, "type": "vhash", "uuid": "3d688709-2b9d-4c3d-a54b-b9c051b7a75d", "value": "235036751512609127837901e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885823", "to_ids": true, "type": "filename", "uuid": "85826146-ca81-4bd8-af97-e4bc426e3e4e", "value": "File .exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885823", "to_ids": false, "type": "text", "uuid": "9f38b388-709f-4387-b091-3d2f4e1927cb", "value": "Publicly Available Tools used by APT33\r\nType Description: Win32 EXE\nMicrosoft: TrojanSpy:Win32/Skeeyah.A!rfn\nVT Total Detection:58/72\nFirst Submission:2016-06-24T16:52:45.000000+00:00\nLast Submission:2022-08-09T09:04:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887140", "uuid": "3bbb48e4-0df3-4a4c-96c0-783f8744709e", "Attribute": [ { "category": "Payload delivery", "comment": "DROPSHOT (drops SHAPESHIFT)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887140", "to_ids": true, "type": "md5", "uuid": "b95fe009-3504-42dc-9fd9-43715d9569d2", "value": "0ccc9ec82f1d44c243329014b82d3125", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT (drops SHAPESHIFT)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886688", "to_ids": true, "type": "sha1", "uuid": "e5cbf412-2de5-4607-8c5b-6130e9c52475", "value": "279ff728023eeaa1715403ec823801bf3493f5ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT (drops SHAPESHIFT)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886688", "to_ids": true, "type": "sha256", "uuid": "781fb5c6-d81f-45a4-9ef0-9c2ff632f907", "value": "62aabce7a5741a9270cddac49cd1d715305c1d0505e620bbeaec6ff9b6fd0260", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885845", "to_ids": true, "type": "ssdeep", "uuid": "363cd478-4a4e-4eb7-9606-e6f4c557acf5", "value": "3072:v9EkH5M0x4Xaql2IGBDDwvUGNeHWBX5+PNzndF/wYLRsIa7SPwa2PbU5:hM0qtV7LfYzdFIYLRLjwlU5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885845", "to_ids": false, "type": "size-in-bytes", "uuid": "1fa0930d-e849-4f20-a042-cab59d3334cd", "value": "195072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885845", "to_ids": true, "type": "vhash", "uuid": "7cc8c002-c59b-4eff-aa16-a130fb604c60", "value": "015056655d15756024z21z56mz3efz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885845", "to_ids": true, "type": "filename", "uuid": "07144cb6-c094-4add-8e41-1dc2b062052e", "value": "62aabce7a5741a9270cddac49cd1d715305c1d0505e620bbeaec6ff9b6fd0260.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885845", "to_ids": false, "type": "text", "uuid": "88ef5fa2-185c-4cc7-8ec4-72d079753534", "value": "DROPSHOT (drops SHAPESHIFT)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Cadlotcorg.A!dha\nVT Total Detection:64/72\nFirst Submission:2016-11-29T19:43:29.000000+00:00\nLast Submission:2024-07-17T03:38:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887163", "uuid": "f162c31d-7d73-497b-926f-a3545d958494", "Attribute": [ { "category": "Payload delivery", "comment": "DROPSHOT", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887163", "to_ids": true, "type": "md5", "uuid": "ba5ce7eb-d522-4e39-895b-bc7820fa768f", "value": "fb21f3cea1aa051ba2a45e75d46b98b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886689", "to_ids": true, "type": "sha1", "uuid": "77ff2645-1ea3-41d3-8ee2-d7ebb20e842a", "value": "0a4ffce8f301546100d7b00ba017f5e24d1b2d9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886689", "to_ids": true, "type": "sha256", "uuid": "7c4a9416-acb5-4c6b-aa91-ac46ffab85cb", "value": "2bab3716a1f19879ca2e6d98c518debb107e0ed8e1534241f7769193807aac83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885867", "to_ids": true, "type": "ssdeep", "uuid": "5a88625f-a028-4ef8-bd2a-ee398a4ef121", "value": "3072:i9EkH5M0x4Xaql2IGBDDwvUGNeHWBX5+PNzndF/wYLRsIa7SPwa2P0U5:SM0qtV7LfYzdFIYLRLjw2U5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885867", "to_ids": false, "type": "size-in-bytes", "uuid": "b2d67de5-0ecb-419b-8974-ba125bb55f6b", "value": "195072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885867", "to_ids": true, "type": "vhash", "uuid": "0e113bea-cfbd-489c-8cef-fbf43a4e78be", "value": "015056655d15756024z21z56mz3efz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885867", "to_ids": true, "type": "filename", "uuid": "9fd2aaa4-c846-4c1c-a3fb-0ad77ef4d5d3", "value": "fb21f3cea1aa051ba2a45e75d46b98b8_vrdLBLxbV.ExE" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885867", "to_ids": false, "type": "text", "uuid": "cf1fcbab-fece-4202-b4d0-f2a5cbed2173", "value": "DROPSHOT\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Cadlotcorg.A!dha\nVT Total Detection:64/72\nFirst Submission:2016-11-27T04:15:25.000000+00:00\nLast Submission:2022-07-28T04:56:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887184", "uuid": "8cd7ec66-091a-4ee0-b693-d4d1693b096c", "Attribute": [ { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887184", "to_ids": true, "type": "md5", "uuid": "1766a736-8003-4546-b311-bd009b34ff10", "value": "3e8a4d654d5baa99f8913d8e2bd8a184", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886691", "to_ids": true, "type": "sha1", "uuid": "18047769-8e21-44e8-b87d-5dfe101874b4", "value": "3ebc3c9361001414a26e1bccf74da3584835ae72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886691", "to_ids": true, "type": "sha256", "uuid": "0b3c9038-9aa2-4562-b330-293c1bee648c", "value": "2f877c623f7bc551d3906bda510e3468e8b87cd301dbb719e5d7c8721e4b2e62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885888", "to_ids": true, "type": "ssdeep", "uuid": "509fbec1-f5bd-4602-9f7d-92b648e97097", "value": "3072:D/U66Qe0DCYJpsPAjuMYgA/HyAg0FunBGq6HWg:bUtF0DCYaAjlA/SAOnlQWg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885888", "to_ids": false, "type": "size-in-bytes", "uuid": "14ffdcb7-1fa0-479e-a232-bb10714bf487", "value": "131072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885888", "to_ids": true, "type": "vhash", "uuid": "2cd1a907-9e41-4b29-9fe9-720de1c9048a", "value": "015066655d1d15156048z5bnzffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885888", "to_ids": true, "type": "filename", "uuid": "469d0873-9178-4bb3-9950-420ce9ad374e", "value": "DUMPFromDrill1.exe`_" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885888", "to_ids": false, "type": "text", "uuid": "500edb38-da32-4bed-8beb-6fad38815a4c", "value": "SHAPESHIFT\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Cadlotcorg.A!dha\nVT Total Detection:58/72\nFirst Submission:2017-03-08T15:50:19.000000+00:00\nLast Submission:2022-08-09T09:02:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887205", "uuid": "8b2dc8d7-f8bd-4ea7-a815-c5c1c79c8d92", "Attribute": [ { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887205", "to_ids": true, "type": "md5", "uuid": "09f06603-fc2b-49c5-9269-2a7ef66d5428", "value": "6b41980aa6966dda6c3f68aeeb9ae2e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886692", "to_ids": true, "type": "sha1", "uuid": "53928e76-e5fb-49b6-86b2-d340ed385241", "value": "52a48132ffcf3ffba514068ea0533345c68cedaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SHAPESHIFT", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886692", "to_ids": true, "type": "sha256", "uuid": "ee825629-548a-4ef6-90bc-931097c536ce", "value": "9988c5096811f08cbbeab711fce0b411516463213dd71373cb485c3f921ca578", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885910", "to_ids": true, "type": "ssdeep", "uuid": "5278f474-47c9-465d-80cb-694ccdae6d11", "value": "3072:t/U66Qe0DCYJpsPAjuMYgA/HyAg0FunBGq9HWg:dUtF0DCYaAjlA/SAOnlVWg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885910", "to_ids": false, "type": "size-in-bytes", "uuid": "34e455c4-1af5-4486-9bcc-cf7a01f5478c", "value": "151552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885910", "to_ids": true, "type": "vhash", "uuid": "f33e6e42-2ab4-4471-b286-cf1e5ca1654d", "value": "015066655d1d15155048z5bnzffz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885910", "to_ids": true, "type": "filename", "uuid": "c688fb6c-6ddc-45b3-b845-337d57024b35", "value": "virussign.com_6b41980aa6966dda6c3f68aeeb9ae2e0.vir" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885910", "to_ids": false, "type": "text", "uuid": "ab9e736e-78e0-4439-9d6d-5a055b77ccf5", "value": "SHAPESHIFT\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Cadlotcorg.A!dha\nVT Total Detection:55/72\nFirst Submission:2017-03-14T17:33:42.000000+00:00\nLast Submission:2019-06-28T21:23:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887227", "uuid": "ef3288c1-c1c5-49aa-85d1-ddfa4d186a3f", "Attribute": [ { "category": "Payload delivery", "comment": "DROPSHOT (drops TURNEDUP)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887227", "to_ids": true, "type": "md5", "uuid": "ab940c57-839d-43b5-bcca-1b76fe15891c", "value": "8e67f4c98754a2373a49eaf53425d79a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT (drops TURNEDUP)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886694", "to_ids": true, "type": "sha1", "uuid": "405497b4-a617-46d3-b1a0-89d1388bc7eb", "value": "c35902497ec15c48fde130bf23f3d9e6f8f5527a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DROPSHOT (drops TURNEDUP)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886694", "to_ids": true, "type": "sha256", "uuid": "6dce2567-c888-451a-a30f-61252ccf3695", "value": "0752f86b7c1c2b053b3eb4f1b60c046bb114af56882f512b657728f14749cbc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885933", "to_ids": true, "type": "ssdeep", "uuid": "9020838b-1887-443c-9541-332392e57b13", "value": "3072:I55PWbdW3oGJQ+RDh5YPgZ5PoXuiphM8QAcb0g40G273RBOeUhGh0mi:uObdKJPNuo5lwZs73ph9i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885933", "to_ids": false, "type": "size-in-bytes", "uuid": "5d697949-32cb-4e6f-a824-655c2e9980ee", "value": "227840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885933", "to_ids": true, "type": "vhash", "uuid": "5c5cab6f-39b7-4f91-b7cb-bd021e304ed5", "value": "025066655d1515756014z21z26mz3efz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885933", "to_ids": true, "type": "filename", "uuid": "635b0aa0-c5e2-4e19-9f1a-a834413c700d", "value": "CDROMWizardAPI.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885933", "to_ids": false, "type": "text", "uuid": "c61c7685-942c-4b28-aa0a-cf0a5feb5b13", "value": "DROPSHOT (drops TURNEDUP)\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:65/72\nFirst Submission:2017-03-08T21:24:16.000000+00:00\nLast Submission:2023-05-24T07:53:15.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887248", "uuid": "82049d7f-f363-4d76-8e1d-e42147800813", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887248", "to_ids": true, "type": "md5", "uuid": "80d6b088-b121-470f-8d6d-97c9114e107a", "value": "c57c5529d91cffef3ec8dadf61c5ffb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886695", "to_ids": true, "type": "sha1", "uuid": "7127f52a-0eba-4c50-acbf-b521e10c8032", "value": "ad34f0546c46460459f13004ea1a49d698c244a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886695", "to_ids": true, "type": "sha256", "uuid": "66d450bb-f22f-480f-bef8-ab3610919d03", "value": "130aa7bd89aa4b68f1561d33bbd0068ad96abc0cd78c74cdc3eb89cf19076916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885955", "to_ids": true, "type": "ssdeep", "uuid": "2c6ff0d4-b963-43e3-b3e4-9392d6806d97", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sX204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9s4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885955", "to_ids": false, "type": "size-in-bytes", "uuid": "18fc023b-831c-4db5-b7ba-3198fa0a33c2", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885955", "to_ids": true, "type": "vhash", "uuid": "439bbaf0-dc55-43a4-b3cf-f369077316a7", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885955", "to_ids": true, "type": "filename", "uuid": "ea8c01ba-0f24-43f3-8186-7304121118f4", "value": "malware 25_09_2017 (65)" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885955", "to_ids": false, "type": "text", "uuid": "938cabdb-73bd-421b-a487-7aa04bfd4cab", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-03T10:35:08.000000+00:00\nLast Submission:2023-07-13T07:15:57.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887269", "uuid": "787cbc1e-0c75-479d-b77e-7da7f07eacf1", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887269", "to_ids": true, "type": "md5", "uuid": "77acc270-b26c-4d42-a4b9-806c3c6bf345", "value": "c02689449a4ce73ec79a52595ab590f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886696", "to_ids": true, "type": "sha1", "uuid": "bf1b55cf-0e83-403d-b081-6b865538797a", "value": "5908453afef391437c632ca0ce921dbf0c6e8bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886696", "to_ids": true, "type": "sha256", "uuid": "bc8498ff-b1e3-4d04-931e-255b5fce3f21", "value": "5798aefb07e12a942672a60c2be101dc26b01485616713e8be1f68b321747f2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885977", "to_ids": true, "type": "ssdeep", "uuid": "6bc8b4ae-6354-494a-9435-4fc70a429ae6", "value": "6144:RlDoHtgdupnzKELHSM0zAAFFOQVJ3hAkToXTOnRnN/jxrUmNAXRDfSZ8cPiKqpr/:Uj87domKxSZ8LKqm31uQHTbJ/ERp4Q5D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885977", "to_ids": false, "type": "size-in-bytes", "uuid": "f6a393b7-fd94-47ae-b74e-1e7a845083c2", "value": "453561" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885977", "to_ids": true, "type": "vhash", "uuid": "a4f31865-e623-4f48-9d95-28cb9afaec3e", "value": "045076751d15155d5c101232z5600217z20b5z13z503dz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885977", "to_ids": true, "type": "filename", "uuid": "6d357f04-62d2-4091-87d5-16110e8ad856", "value": "5798aefb07e12a942672a60c2be101dc26b01485616713e8be1f68b321747f2f.json" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885977", "to_ids": false, "type": "text", "uuid": "1aa9d60f-5ce0-4198-96bf-c3720c53720a", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!rfn\nVT Total Detection:62/72\nFirst Submission:2017-03-24T06:45:10.000000+00:00\nLast Submission:2023-06-15T07:12:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887291", "uuid": "dc94ea85-1fdb-4497-8db4-172908970afc", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887291", "to_ids": true, "type": "md5", "uuid": "c321c2a6-fe8b-43a6-878c-e190efaafa38", "value": "59d0d27360c9534d55596891049eb3ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886697", "to_ids": true, "type": "sha1", "uuid": "75384f08-ba93-42c7-b178-22cb2188ad5a", "value": "56a4224959e6cbfdac3886dbaed8bd38225f54cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886697", "to_ids": true, "type": "sha256", "uuid": "9b09965b-3d3c-45b4-9e9b-e8657af2215f", "value": "5af6852d124ebb6c0b6c938abbcf7ab595cbec08600d0fff528b0be179e3503d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771885998", "to_ids": true, "type": "ssdeep", "uuid": "c04bf7e2-deb1-458b-a69c-b9898a2f4ee9", "value": "6144:A16t9bpVMSElzRaC3ol2f6rdpDsNY6qaDpxtVKSI2iTSR6+sJN/giz:AMfbISs3f6rdpDsDqWpxtI2iTE6+sb/7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771885998", "to_ids": false, "type": "size-in-bytes", "uuid": "c0a80c73-4341-4564-af73-826be75e9b38", "value": "392192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771885998", "to_ids": true, "type": "vhash", "uuid": "f91d2da4-ea35-4b37-948e-6e313bd4e58f", "value": "035056655d15756az77mz145z17z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771885998", "to_ids": true, "type": "filename", "uuid": "bcbbfcbf-f784-4a81-a5fa-6455dd8db23f", "value": "59d0d27360c9534d55596891049eb3ef.vir" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771885998", "to_ids": false, "type": "text", "uuid": "7c210e29-9464-44b5-ad3c-2729bb9ddb55", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/StoneDrill.WE!MTB\nVT Total Detection:61/72\nFirst Submission:2016-09-20T02:38:05.000000+00:00\nLast Submission:2022-07-28T05:06:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887312", "uuid": "8d77d35a-3e00-498b-a774-152f4316aef0", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887312", "to_ids": true, "type": "md5", "uuid": "21495578-3095-4aa7-99a5-c9a0c4f656ec", "value": "797bc06d3e0f5891591b68885d99b4e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886698", "to_ids": true, "type": "sha1", "uuid": "681cfcea-dad4-463a-afb9-aec84d3f852f", "value": "cb2bddf2d8d9b7c86cd3ebeff99cae27c836edb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886698", "to_ids": true, "type": "sha256", "uuid": "65e68873-3949-4c51-9a2e-caf7b626e282", "value": "590bf61667c4e5de27f63f98c7d0ef30ab6330768b31c7ba96a6364193f41559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886020", "to_ids": true, "type": "ssdeep", "uuid": "0db90b69-5cf2-41ec-9dc3-144a3756c438", "value": "6144:azhEnJJ5s5n0FYQ6ND0jY+6iVCCyhZwfHLYLLrc/kA+DB:azqa0uQ6NAjD6QCCyhZ8HLYg/kVB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886020", "to_ids": false, "type": "size-in-bytes", "uuid": "360172d2-5799-496f-8d86-ca930680abc1", "value": "408576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886020", "to_ids": true, "type": "vhash", "uuid": "66ce94ad-e74c-4386-a670-6f0397303984", "value": "045056656d15756055z900897z303013z22z185zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886020", "to_ids": true, "type": "filename", "uuid": "98bf768b-b0dc-4092-b057-74aca60cacdf", "value": "Qo7MBw3RyDDUNXO.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886020", "to_ids": false, "type": "text", "uuid": "c96c8f28-4448-4f8d-8146-6c396bef8c1c", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/StoneDrill.WE!MTB\nVT Total Detection:65/72\nFirst Submission:2016-06-29T19:05:59.000000+00:00\nLast Submission:2022-07-27T15:41:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887333", "uuid": "cd70379e-78a2-4618-a975-c21343acb255", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887333", "to_ids": true, "type": "md5", "uuid": "045673ec-b968-495d-acaa-40bfba37fce4", "value": "8e6d5ef3f6912a7c49f8eb6a71e18ee2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886698", "to_ids": true, "type": "sha1", "uuid": "5e21c907-42f0-4ebb-93db-214b0b107a06", "value": "d587f73f8cabe277037f9fa893517e1f6854b90a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886698", "to_ids": true, "type": "sha256", "uuid": "a2785a13-1070-4c95-bffa-a7313a2e373a", "value": "ca606d3502a16699085078ac1b566e4dff3271c0c157aed4d43c1cf23858c473", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886042", "to_ids": true, "type": "ssdeep", "uuid": "88ba94f6-aec2-486e-89d2-4e909a7788f0", "value": "6144:qzhEnJJ5s5n0FYQ6ND0jY+6iVCCyhZwfHLYLLrg/kA+sB:qzqa0uQ6NAjD6QCCyhZ8HLY0/kCB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886042", "to_ids": false, "type": "size-in-bytes", "uuid": "e9550d68-eb18-4dc8-8778-233fbae0e09e", "value": "408576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886042", "to_ids": true, "type": "vhash", "uuid": "888fde99-039f-46e2-9899-48dee81e2fe8", "value": "045056656d15756055z900897z303013z22z185zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886042", "to_ids": true, "type": "filename", "uuid": "5e84cda0-0865-4faa-9a39-75249e0793cc", "value": "UsBQF07V2HHYRbS.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886042", "to_ids": false, "type": "text", "uuid": "75915898-407d-4a1e-80e6-20d48d4b5b23", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/StoneDrill.WE!MTB\nVT Total Detection:61/72\nFirst Submission:2015-11-16T10:33:17.000000+00:00\nLast Submission:2022-08-09T08:57:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887354", "uuid": "9172e245-e883-4675-a0b6-4714a86cf83b", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887354", "to_ids": true, "type": "md5", "uuid": "a401b587-039d-45e8-a473-38df1a17d50a", "value": "32a9a9aa9a81be6186937b99e04ad4be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886700", "to_ids": true, "type": "sha1", "uuid": "9c686966-0522-47ff-93f8-b25df2cd4e3b", "value": "ddfb0dcb44eee32b693f42bb8e8be1c887233275", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886700", "to_ids": true, "type": "sha256", "uuid": "f3e31ce6-c3d8-403b-95c1-7a80c1fd52f6", "value": "bb23ddd3a9c353d2cd136f7d4a1f57fb846367e999a346bef0e6e830d4e1df07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886064", "to_ids": true, "type": "ssdeep", "uuid": "f0a2d1f3-3768-4faa-a7c0-0cdc93a506dd", "value": "6144:azhEnJJ5s5n0FYQ6ND0jY+6iVCCyhZwfHLYLLrt/kA+1B:azqa0uQ6NAjD6QCCyhZ8HLYh/kjB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886064", "to_ids": false, "type": "size-in-bytes", "uuid": "c1c0132c-abc7-41f2-b0a2-b4885c3a7a0f", "value": "408576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886064", "to_ids": true, "type": "vhash", "uuid": "bca02bf2-ef8d-44d3-b2df-deac44f15f33", "value": "045056656d15756055z900897z303013z22z185zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886064", "to_ids": true, "type": "filename", "uuid": "c4d251ba-530d-4557-a6b1-bd31ec1fbf75", "value": "bb23ddd3a9c353d2cd136f7d4a1f57fb846367e999a346bef0e6e830d4e1df07.json" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886064", "to_ids": false, "type": "text", "uuid": "d488c22a-30e0-425e-98c3-6b9ec35f5919", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/StoneDrill.WE!MTB\nVT Total Detection:61/72\nFirst Submission:2017-03-31T20:12:39.000000+00:00\nLast Submission:2023-05-24T07:51:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887376", "uuid": "d05dd97e-c94b-4263-8832-cd0fbfe4f864", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887376", "to_ids": true, "type": "md5", "uuid": "e8ad4dc9-2034-4b0d-b802-2296c10b52d5", "value": "a272326cb5f0b73eb9a42c9e629a0fd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886701", "to_ids": true, "type": "sha1", "uuid": "99cdd3ea-23d3-4efc-9ef3-558558094e1c", "value": "a0ad31c1654be77e33fcc2cb9e826ccd2ba7fc37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886701", "to_ids": true, "type": "sha256", "uuid": "02ca2e5b-5289-40b0-b124-35101f64929d", "value": "32bb9551de380397dee0e2e038297cf38abb30e883ca54cea166351b2e478af1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886085", "to_ids": true, "type": "ssdeep", "uuid": "c99de13e-8c76-4356-a148-77df51ea69ed", "value": "6144:1NQl9KNYZi+vrzBh9ITmVlJGKJZTmxJbFYHWz/Km/:1NQSWc+vXBhyS5ZCJB7KC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886085", "to_ids": false, "type": "size-in-bytes", "uuid": "f89ed3ce-e6af-4416-a1bb-97029b4dd113", "value": "315084" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886085", "to_ids": true, "type": "vhash", "uuid": "1ebf7067-df7d-498d-9878-cbbf9f8a4c48", "value": "035056655d15551az4bnz5fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886085", "to_ids": true, "type": "filename", "uuid": "9732cd8d-6836-482a-9427-36edd19926d9", "value": "5S9D8" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886085", "to_ids": false, "type": "text", "uuid": "9b5b2444-e5cc-4388-8fc9-c345b4b3e26a", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot.A!dha\nVT Total Detection:62/72\nFirst Submission:2015-11-17T15:25:53.000000+00:00\nLast Submission:2022-12-17T07:06:18.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887397", "uuid": "e095b128-e93b-42e3-ac7c-ac401f21ac0b", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887397", "to_ids": true, "type": "md5", "uuid": "358a99a6-f731-42b2-a45c-42f8651bd5d2", "value": "a813dd6b81db331f10efaf1173f1da5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886703", "to_ids": true, "type": "sha1", "uuid": "bf02c72d-5d20-4d25-a3a3-5c2ad88ef8c4", "value": "8bae260727b12fd13b080824413b61f62dc3fc2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886703", "to_ids": true, "type": "sha256", "uuid": "958a4a48-7f21-4664-bdf7-de62902930f7", "value": "5578e0bcda52bd0fafdfc162556980b80a0269280214c0b61ee94cd18fb51d7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886108", "to_ids": true, "type": "ssdeep", "uuid": "0c9e8664-e737-4300-9e21-880554adc810", "value": "24576:dmZvRh5ZCmvuOkU7lcmUnvBMuVCMU+AQ2YqYytkSrH:dmZvb57vlk5mYBMGyRQ2NYytdrH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886108", "to_ids": false, "type": "size-in-bytes", "uuid": "eb629bd6-6d57-4c87-9a04-40ecc23e6003", "value": "1098586" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886108", "to_ids": true, "type": "vhash", "uuid": "5ed57225-7c60-4166-a00b-1d68b971b462", "value": "016056655d15651az4bnz5fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886108", "to_ids": true, "type": "filename", "uuid": "34195090-cb87-43f1-a28c-8fd52c4995ae", "value": "5S9D8" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886108", "to_ids": false, "type": "text", "uuid": "fd2a889c-2d34-45cd-97b5-a22d6b9824e5", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot.A!dha\nVT Total Detection:63/72\nFirst Submission:2015-08-26T04:51:46.000000+00:00\nLast Submission:2022-11-10T17:16:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887419", "uuid": "34c37b0c-cbaf-45cf-9b2a-d4ee2d4f88e8", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887419", "to_ids": true, "type": "md5", "uuid": "4adb9e61-f98f-483e-b585-3291fec044ff", "value": "de9e3b4124292b4fba0c5284155fa317", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886703", "to_ids": true, "type": "sha1", "uuid": "e81986b8-20e3-46c1-a6ac-495ac24899f9", "value": "7719e4c4a792b63e81bd5fb46330f158ed13a614", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886704", "to_ids": true, "type": "sha256", "uuid": "aaea6c59-8685-4356-828e-8ba657789bd9", "value": "88d2590a801dc16c1c6e89094575a7e041681fa8b8799b81bb90b7ecf0d69fee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886130", "to_ids": true, "type": "ssdeep", "uuid": "fe1be6a0-c493-4cb0-8a04-195a5b88b499", "value": "6144:1NQlsKNYZi+vrzBh9ITmVlJGKJZTmxJbFYHv+c6F76V:1NQ1Wc+vXBhyS5ZCJBO+c84" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886130", "to_ids": false, "type": "size-in-bytes", "uuid": "fee656a1-3242-419c-8618-89b356b2e1e3", "value": "318780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886130", "to_ids": true, "type": "vhash", "uuid": "2d1b8c02-53df-43d1-9082-7ee46e3b05e8", "value": "035056655d15551az4bnz5fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886130", "to_ids": true, "type": "filename", "uuid": "7443c49c-b9cc-4869-bcf0-8550f68abd24", "value": "5S9D8" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 18/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886130", "to_ids": false, "type": "text", "uuid": "80006ae7-993c-466b-8964-62b8e1ea36bf", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot.A!dha\nVT Total Detection:61/72\nFirst Submission:2015-12-14T16:18:24.000000+00:00\nLast Submission:2022-12-17T06:35:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887440", "uuid": "580abc43-4939-4aeb-9ebf-7c7f6924ed27", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887440", "to_ids": true, "type": "md5", "uuid": "f141fe9c-5406-46ba-b828-b98cb1f55859", "value": "b3d73364995815d78f6d66101e718837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886705", "to_ids": true, "type": "sha1", "uuid": "0a9b5f16-f1a4-4c29-9709-6425a869bd97", "value": "82a829cfa37150eeb335df613f25ab5455b9adac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886705", "to_ids": true, "type": "sha256", "uuid": "73d1ca49-2ae3-43f2-980c-3f26b6a3d78f", "value": "0f80b73706df263d337c4da52aad67c3699d1deea00aafe78e604d61a54c649d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886152", "to_ids": true, "type": "ssdeep", "uuid": "0e1cd651-9b31-4d38-8655-820b1511f702", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s3204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886152", "to_ids": false, "type": "size-in-bytes", "uuid": "6c73b10f-5935-4cb3-a2ff-9ec3057cad5b", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886152", "to_ids": true, "type": "vhash", "uuid": "a5c2c2e6-8fb0-4ff6-a4e5-105c5edd4416", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886152", "to_ids": true, "type": "filename", "uuid": "92daa138-cb48-4254-a805-b4ee4fa6e714", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 13/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886152", "to_ids": false, "type": "text", "uuid": "bf23c7b1-0698-4055-869d-8a90c3543a7c", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:50/72\nFirst Submission:2017-05-16T14:02:23.000000+00:00\nLast Submission:2022-08-11T21:10:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887461", "uuid": "957e1030-9a9c-4749-81af-97ac5287c741", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887461", "to_ids": true, "type": "md5", "uuid": "c1ea55ff-ecfa-4f76-acfe-63b1b48d9f17", "value": "de7a44518d67b13cda535474ffedf36b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886706", "to_ids": true, "type": "sha1", "uuid": "5961a32f-53a0-4355-82dd-f7630f602834", "value": "9b26349be91deac2f824bf974a048b7d3981a446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886706", "to_ids": true, "type": "sha256", "uuid": "d8d23970-6491-4450-8e02-afa1f18cde0a", "value": "a21c1b2d1956d6ec0f5cd4d5c4ba4b38877ac665afdef207b34887a480b3dbd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886175", "to_ids": true, "type": "ssdeep", "uuid": "0700b223-65eb-450a-8bd9-5c6e38bf49c1", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s/204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886175", "to_ids": false, "type": "size-in-bytes", "uuid": "e1159b98-c2a7-456f-8c1f-31e7f261fd9b", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886175", "to_ids": true, "type": "vhash", "uuid": "ad7f23ee-f793-4ba6-b4b7-3afb50fd8b0f", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886175", "to_ids": true, "type": "filename", "uuid": "42b85ced-5db3-4f3c-8d3e-62873b4913b4", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 22/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886175", "to_ids": false, "type": "text", "uuid": "80bc2f75-7235-4e0c-8f68-0202edd1dd6d", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-03T17:10:52.000000+00:00\nLast Submission:2017-04-03T17:10:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887482", "uuid": "c5fd9666-5204-449b-baa3-e75f2080c256", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887482", "to_ids": true, "type": "md5", "uuid": "a2566a28-886c-4ac4-b677-ff951f642b0d", "value": "b5f69841bf4e0e96a99aa811b52d0e90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886708", "to_ids": true, "type": "sha1", "uuid": "9bfc2a97-eee1-4c6a-8631-5b51a0a29b01", "value": "1c9b400be8b748d33b49a1f629455ec888887a33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886708", "to_ids": true, "type": "sha256", "uuid": "a2741f8d-4b0b-4277-bd57-b11d23eed753", "value": "c3e203b5b2ce79b6f30ea159a24964b227a4b648ae41e6a4ba9e05464e052517", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886197", "to_ids": true, "type": "ssdeep", "uuid": "dcdbef11-9e9e-4e82-baaa-47dff09f61b4", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sM204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9s1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886197", "to_ids": false, "type": "size-in-bytes", "uuid": "d8783721-a9d1-4d9d-8fef-9097d66ba798", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886197", "to_ids": true, "type": "vhash", "uuid": "f64d372d-fa68-410b-8463-7c04cf8f1e7c", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886197", "to_ids": true, "type": "filename", "uuid": "abeb9266-c8ce-4e39-96a7-273a1ff3ca9c", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886197", "to_ids": false, "type": "text", "uuid": "95acdf1b-02d4-4ca2-84ca-91400030b249", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-06T06:10:16.000000+00:00\nLast Submission:2017-11-11T21:44:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887504", "uuid": "d43ffc82-7439-4b58-97ce-53a8dac023f3", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887504", "to_ids": true, "type": "md5", "uuid": "39095222-2c2b-444b-a65b-d654d819b720", "value": "a2af2e6bbb6551ddf09f0a7204b5952e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886709", "to_ids": true, "type": "sha1", "uuid": "f2b3561c-91db-4252-8846-363ec9c97702", "value": "71d6d55e449c95583297eee9309551c258d58862", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886709", "to_ids": true, "type": "sha256", "uuid": "fdfb873e-9775-45a1-b58e-00d6e8e3809b", "value": "d7b1085940f805eda332e90195db5b11b9cad679474e31ac496dbf8c30876db4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886218", "to_ids": true, "type": "ssdeep", "uuid": "21e1a938-0f30-4484-8372-30bc62fd7eb0", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sr204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886218", "to_ids": false, "type": "size-in-bytes", "uuid": "368a09b8-0e86-4c3a-8dde-a468e0ef51c1", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886218", "to_ids": true, "type": "vhash", "uuid": "e55daaa0-c719-4a37-adf4-c602f9c739e1", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886218", "to_ids": true, "type": "filename", "uuid": "ffb3fd04-de14-4503-87fc-559b2c7778a8", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886218", "to_ids": false, "type": "text", "uuid": "e1800ff8-eb39-4565-99bd-3085ac104255", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-08T01:21:44.000000+00:00\nLast Submission:2022-09-05T17:21:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887525", "uuid": "51c15e35-6664-4943-8ec0-d683b3cfef14", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887525", "to_ids": true, "type": "md5", "uuid": "83e2fc59-a4e8-4e5a-a99c-387b1de36102", "value": "b189b21aafd206625e6c4e4a42c8ba76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886710", "to_ids": true, "type": "sha1", "uuid": "aad5cf93-77ce-4319-806e-d466540b656b", "value": "c3949ff462ce38824171ce42db9aa671f3a39be2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886710", "to_ids": true, "type": "sha256", "uuid": "3ee414c5-13a3-477c-b62a-ac5f52c8799c", "value": "28cb4114ee5615e9fa039c913d41db660c089b206565d25a4342eeaf71d9b7f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886240", "to_ids": true, "type": "ssdeep", "uuid": "e6da1c32-f8fc-4087-bb28-f06be230e10c", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9ss204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886240", "to_ids": false, "type": "size-in-bytes", "uuid": "726be4ae-cbc8-4cc3-a033-0805d6cfce1f", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886240", "to_ids": true, "type": "vhash", "uuid": "ddee6cd1-359c-4a33-993b-6725347951a4", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886240", "to_ids": true, "type": "filename", "uuid": "e03fb3a6-213b-4f89-861e-ad479b4c0c90", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886240", "to_ids": false, "type": "text", "uuid": "5dff5069-85a7-4db1-82ba-6db5cf51d104", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-16T15:34:14.000000+00:00\nLast Submission:2017-04-16T15:34:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887547", "uuid": "d145a084-4640-4ce5-9b43-d5b5b952c82d", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887547", "to_ids": true, "type": "md5", "uuid": "b384190b-c52d-4dfb-9fed-7c00da0f2480", "value": "aa63b16b6bf326dd3b4e82ffad4c1338", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886711", "to_ids": true, "type": "sha1", "uuid": "f8da3453-39aa-49eb-b5af-f012d0e9849f", "value": "080cf1297718dd3df64bf5aefb2fc22e5036e81c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886711", "to_ids": true, "type": "sha256", "uuid": "e72cf5df-880a-4a47-95e6-1c5bea231a33", "value": "f23e66d10ee2f9c4a7eeee6f198b8bd566099b2d69db344c7b60f838589a06da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886262", "to_ids": true, "type": "ssdeep", "uuid": "081563af-3458-44e7-802d-a0c9c2dd4bb5", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sZ204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886262", "to_ids": false, "type": "size-in-bytes", "uuid": "4ec0e50e-bbc6-4cf2-91da-a47bbc2f3e90", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886262", "to_ids": true, "type": "vhash", "uuid": "754ee1c6-9c00-4bed-a1ca-fd1770dfd879", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886262", "to_ids": true, "type": "filename", "uuid": "e5f1b984-bfc8-48f0-bdf8-91ecde74c0ed", "value": "SAMPLES_20_09_2017 (22)" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886262", "to_ids": false, "type": "text", "uuid": "fbe6a700-9218-41d3-8bac-71cf5819f125", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-14T15:33:22.000000+00:00\nLast Submission:2017-09-21T10:10:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887568", "uuid": "c72a2420-8678-4678-9a8b-c0fb1abc109d", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887568", "to_ids": true, "type": "md5", "uuid": "2f492824-9f8a-4e0c-b37d-09d466ed48d7", "value": "c55b002ae9db4dbb2992f7ef0fbc86cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886712", "to_ids": true, "type": "sha1", "uuid": "2c01a607-ceb8-4843-8f8f-9d7657a0aa39", "value": "b368f5aaddf777f3fac6ed5502d536949c6c9411", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886713", "to_ids": true, "type": "sha256", "uuid": "b6539405-8d4d-4f25-b03f-7d3d52796db1", "value": "68a7cdd3efd37f7070b8627a1cf54e92da0bfc81e0f5799c76afae4bb97c8148", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886284", "to_ids": true, "type": "ssdeep", "uuid": "679fcf02-221e-4699-a78f-1e375031d37b", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s4204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886284", "to_ids": false, "type": "size-in-bytes", "uuid": "99b92e8b-835b-432a-b9d6-36d687b2e08b", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886284", "to_ids": true, "type": "vhash", "uuid": "7e644ef4-8a39-4025-ac88-1790bc2731be", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886284", "to_ids": true, "type": "filename", "uuid": "9dbdab91-ef44-439a-8e4c-59c436881bfe", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886284", "to_ids": false, "type": "text", "uuid": "03a61320-9891-41f6-98b6-acdfbf107632", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-19T09:15:56.000000+00:00\nLast Submission:2017-09-21T10:09:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887589", "uuid": "e5595b78-9b02-4595-9e52-b474993fc9d5", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887589", "to_ids": true, "type": "md5", "uuid": "3fbdd40a-cad8-488f-b6d8-7c608f8e098e", "value": "c2d472bdb8b98ed83cc8ded68a79c425", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886714", "to_ids": true, "type": "sha1", "uuid": "ec2c29fb-e24c-4549-8c35-0b082b3d031e", "value": "dd07adf3f76d3de2ce828d7e3051074756b5e521", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886714", "to_ids": true, "type": "sha256", "uuid": "bc06b46c-94d9-4ed9-9cc4-0a5e2524f0b4", "value": "4a5bd9e8c470def3a66db5d5c46beed446e6a93765b30323105df3aef1cb6a06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886306", "to_ids": true, "type": "ssdeep", "uuid": "7e166320-e5ac-497f-8cb2-06c35ef7b5e3", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sw204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886306", "to_ids": false, "type": "size-in-bytes", "uuid": "16dad1fd-7bef-4499-8d88-6150e8efdf9a", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886306", "to_ids": true, "type": "vhash", "uuid": "59882253-8d76-416d-9df7-57851cf776df", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886306", "to_ids": true, "type": "filename", "uuid": "81428c5b-6793-415a-8b00-05165aa1c95e", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886306", "to_ids": false, "type": "text", "uuid": "faf0871f-f28c-4a4c-8002-a1d68e248550", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-14T08:32:01.000000+00:00\nLast Submission:2022-12-19T10:10:47.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887611", "uuid": "355a970b-0fdb-4d40-b922-87db3b2a5eb2", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887611", "to_ids": true, "type": "md5", "uuid": "2e02eff8-d587-41b0-aa7c-288d8f6936b8", "value": "c6f2f502ad268248d6c0087a2538cad0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886715", "to_ids": true, "type": "sha1", "uuid": "fe3f0450-ba16-4ed4-8bba-30f6a71bfc27", "value": "17caedb1ef307ef9f4838b851a5f8ed45fba09ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886715", "to_ids": true, "type": "sha256", "uuid": "0776fde4-6ee2-4762-9069-fa0deb3ab9b6", "value": "7ccd34864ec84d623a136a26e4a6558e86db5d44460a3bded489558feea93b92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886328", "to_ids": true, "type": "ssdeep", "uuid": "4064868c-de22-4e69-a631-31df918562c1", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sa204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886328", "to_ids": false, "type": "size-in-bytes", "uuid": "e50a60ff-a9cb-4966-bc19-b809139319b9", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886328", "to_ids": true, "type": "vhash", "uuid": "a0f138c9-c33a-47b4-8d23-dcb150c4db80", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886328", "to_ids": true, "type": "filename", "uuid": "c529dd31-035a-4d8c-a1e4-6a03d66e8845", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886328", "to_ids": false, "type": "text", "uuid": "4a12e46b-fd38-4b77-ad6f-410298d8f7d3", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:61/72\nFirst Submission:2017-04-10T09:40:08.000000+00:00\nLast Submission:2022-07-28T05:07:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887633", "uuid": "25a998b2-a3e0-40a1-a617-b06101e4afcc", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887633", "to_ids": true, "type": "md5", "uuid": "bc2e3702-3b39-4741-944d-c3759ce2bdfb", "value": "c66422d3a9ebe5f323d29a7be76bc57a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886716", "to_ids": true, "type": "sha1", "uuid": "a2718aec-2b31-4411-9488-d9a9a0937dd4", "value": "641decceb9d1720fe8e2493f45992276163476d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886716", "to_ids": true, "type": "sha256", "uuid": "e75cf25e-3481-47f9-91fc-0249af7dfd22", "value": "66faffa0b0b3bff02e49b120913f9e7656f1174b85bec48a8a2956c3baa32478", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886350", "to_ids": true, "type": "ssdeep", "uuid": "2a6c08eb-4f99-4168-81ef-01f5cb7c86a7", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sc204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886350", "to_ids": false, "type": "size-in-bytes", "uuid": "a35013f8-e050-4ffe-b3ad-60520890eafc", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886350", "to_ids": true, "type": "vhash", "uuid": "0dcf6eec-e989-4efc-b006-6edb89b50842", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886350", "to_ids": true, "type": "filename", "uuid": "1811ea36-1e3c-43f8-97c3-aac7032b8c9f", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886350", "to_ids": false, "type": "text", "uuid": "d1c67855-aa70-4f2c-9ae7-fa572cd197f2", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-19T09:21:25.000000+00:00\nLast Submission:2019-10-11T09:32:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887654", "uuid": "0409f05f-50d7-4734-837d-a5b849c67e64", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887654", "to_ids": true, "type": "md5", "uuid": "4ba47ed9-ee59-4b3b-92fe-805af0bbcf76", "value": "ae47d53fe8ced620e9969cea58e87d9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886717", "to_ids": true, "type": "sha1", "uuid": "477356e4-573c-4e33-8708-d00f708c0601", "value": "6af8fea520731a1e02c6ae4b308b1a682837a990", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886717", "to_ids": true, "type": "sha256", "uuid": "1dd61437-26a9-4be3-a2ad-b6723fe5de64", "value": "5b25730ce057f6d6efce02e43658a07c3b8106373d8db4b24cdeafc5acfee3d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886372", "to_ids": true, "type": "ssdeep", "uuid": "e5c323b8-3c91-4326-a9b9-f6fdeb61289e", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sV204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886372", "to_ids": false, "type": "size-in-bytes", "uuid": "c59dfbe2-931c-4915-b60e-3f763d56665f", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886372", "to_ids": true, "type": "vhash", "uuid": "bc296196-a178-426b-8b54-0b08771a091b", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886372", "to_ids": true, "type": "filename", "uuid": "b0eddc72-ef23-4e99-97b4-c6e71aa88cac", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886372", "to_ids": false, "type": "text", "uuid": "9fd202c7-14fc-4b3a-a204-d49cf124f3ad", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-11T15:30:05.000000+00:00\nLast Submission:2022-08-09T09:02:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887676", "uuid": "d418fda4-6051-4d09-bb49-5c6de56dd027", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887676", "to_ids": true, "type": "md5", "uuid": "85cf7c7f-eed2-472c-83fd-f77bab3fc6f4", "value": "b12faab84e2140dfa5852411c91a3474", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886718", "to_ids": true, "type": "sha1", "uuid": "e93645a2-11a5-480b-8e54-8550dc902a18", "value": "f85d756181220db7d27c8053e1c978f3e4470b4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886718", "to_ids": true, "type": "sha256", "uuid": "943c68d7-c407-4be7-99ee-1e2881104832", "value": "4a4a82858aba52685e165f33c2eb652009b74a2e8ba493d8ed6f9e6203152e2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886393", "to_ids": true, "type": "ssdeep", "uuid": "df9b5bc7-f695-4bbb-b0ea-e5d1feb445c3", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sy204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886393", "to_ids": false, "type": "size-in-bytes", "uuid": "70f18638-9d63-47be-927e-a996aef2bd6b", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886393", "to_ids": true, "type": "vhash", "uuid": "7158683c-3aa6-4f8b-9ccc-fa9272a8541d", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886393", "to_ids": true, "type": "filename", "uuid": "d1a2cad5-ce62-4e30-a0f8-6d026dee201e", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886393", "to_ids": false, "type": "text", "uuid": "052b939b-3f6f-4693-a8eb-6aaecc0e4b7e", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:62/72\nFirst Submission:2017-04-08T05:30:19.000000+00:00\nLast Submission:2022-09-06T00:12:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887697", "uuid": "7ee9aa0c-6cd7-4faf-a95a-41bf48a375eb", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887697", "to_ids": true, "type": "md5", "uuid": "0be57e3c-1234-4a1a-9c3d-f673b831385b", "value": "c2fbb3ac76b0839e0a744ad8bdddba0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886719", "to_ids": true, "type": "sha1", "uuid": "4ab804fe-0275-4271-bf08-d024604e0fa0", "value": "50df7a2916c3fbdefdf8787391f17d0b3d4cd181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886719", "to_ids": true, "type": "sha256", "uuid": "f4d45c7b-5667-4104-9d73-f7a6706372f0", "value": "ccabdcec0738594a1b5c81540189897abd02bc67ee2dfe2aceac33902a12cd78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886416", "to_ids": true, "type": "ssdeep", "uuid": "50fbb2fa-7a45-4471-bc5a-e5a2c015c32c", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s4204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886416", "to_ids": false, "type": "size-in-bytes", "uuid": "95c7a47a-7d96-4009-9a90-e245f31015b5", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886416", "to_ids": true, "type": "vhash", "uuid": "33b6dde8-8649-4975-9c76-10c1bcda72e9", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886416", "to_ids": true, "type": "filename", "uuid": "92381042-cf8b-4691-9762-9d7ef6172a38", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886416", "to_ids": false, "type": "text", "uuid": "f2ab19a2-eda4-4630-9a5f-a1c579f476d7", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-14T08:25:05.000000+00:00\nLast Submission:2022-09-05T18:01:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887718", "uuid": "d0560890-84b4-4022-bd55-4df40732b0ff", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887718", "to_ids": true, "type": "md5", "uuid": "67683104-9e77-4202-b8e0-6dc4b30e3679", "value": "a80c7ce33769ada7b4d56733d02afbe5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886721", "to_ids": true, "type": "sha1", "uuid": "7d32593f-d700-4393-9e14-bca68a8a292d", "value": "5542950193dca41de3eacf706b3b6ca0c08780a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886721", "to_ids": true, "type": "sha256", "uuid": "8361cdb4-f1f4-4aa8-9302-93eb7a9cd208", "value": "ec3abc2447f6e796e68fd95c8316c6e4d9a376f08dafba50a1c646c58498dcc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886439", "to_ids": true, "type": "ssdeep", "uuid": "537791bf-6bec-4457-b935-7fe4f60d1400", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sA204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886439", "to_ids": false, "type": "size-in-bytes", "uuid": "ff7177c4-7e33-48cb-b760-b60f4be7e050", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886439", "to_ids": true, "type": "vhash", "uuid": "bd6d8347-4fdc-486f-9a24-1721fc9db183", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886439", "to_ids": true, "type": "filename", "uuid": "9b9eba71-c0a5-4bbd-8e41-0a2d9bd5425b", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886439", "to_ids": false, "type": "text", "uuid": "176a2e35-b3c6-4d09-b30f-459acac3a012", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-03-26T22:05:47.000000+00:00\nLast Submission:2017-09-21T09:55:27.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887739", "uuid": "6845c834-a1e1-4629-bd16-05c1df640e51", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887739", "to_ids": true, "type": "md5", "uuid": "1e43a2bb-3c96-4a73-b85b-a83c123abaf5", "value": "6a0f07e322d3b7bc88e2468f9e4b861b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886722", "to_ids": true, "type": "sha1", "uuid": "7f9842ba-3d5a-4674-809e-049c41fe062f", "value": "ea3ccfa3f75ff87430215634229e54e4c3c7e6f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886722", "to_ids": true, "type": "sha256", "uuid": "a47dab83-b026-45ad-abd0-b7d12abff6d6", "value": "285aa5fe83503fee229bb4a1ab861427933c7ab047f63472543f75d8872735a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886461", "to_ids": true, "type": "ssdeep", "uuid": "6a6ffa3e-6321-4c85-91e8-7c0accfb77a0", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sf204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886461", "to_ids": false, "type": "size-in-bytes", "uuid": "68dd7683-16c2-4bd6-902c-5e622fd8d943", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886461", "to_ids": true, "type": "vhash", "uuid": "b90cf2c0-77ba-49fb-8548-0b676a131fd5", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886461", "to_ids": true, "type": "filename", "uuid": "d99c3bc5-6e01-442e-ae27-c1d126fe315d", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886461", "to_ids": false, "type": "text", "uuid": "0250b650-5cf3-4b60-a4f4-68a1c4afe4e7", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:54/72\nFirst Submission:2017-03-29T20:51:24.000000+00:00\nLast Submission:2018-10-24T18:41:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887761", "uuid": "a92176b9-023d-468c-9805-7aac5443259e", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887761", "to_ids": true, "type": "md5", "uuid": "6e33cca4-f51a-4519-a305-0cfa89e72de1", "value": "b681aa600be5e3ca550d4ff4c884dc3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886723", "to_ids": true, "type": "sha1", "uuid": "73e03b18-f8b7-495f-8f97-d8b5d85ce0bf", "value": "51c17ac2dfa4a3260d935219e231e8cad15d156c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886723", "to_ids": true, "type": "sha256", "uuid": "4696471c-8a49-434b-9ea3-80db8833e194", "value": "90eb47b027df520b238dc23fcf4e14aa6d6cebaff064b9f2dc62d9709b6d5b4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886483", "to_ids": true, "type": "ssdeep", "uuid": "3f58e8cd-640c-46c8-bb49-d4f6bd617a08", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sT204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9s8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886483", "to_ids": false, "type": "size-in-bytes", "uuid": "16008618-2472-49ad-a8ef-e0432af8de12", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886483", "to_ids": true, "type": "vhash", "uuid": "becadc77-c3d3-4652-9cf1-4a07bc9bbd26", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886483", "to_ids": true, "type": "filename", "uuid": "f871b44a-bfb4-46fe-b1ed-143144596788", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886483", "to_ids": false, "type": "text", "uuid": "7d278ed3-197e-4dd6-a680-3038383fcffc", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:63/72\nFirst Submission:2017-04-19T11:03:02.000000+00:00\nLast Submission:2022-09-04T09:13:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887783", "uuid": "ea57200e-274f-4e35-b839-baa8bc9dca88", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887783", "to_ids": true, "type": "md5", "uuid": "d409ab90-7ec9-408b-ae0e-b81c1b86a407", "value": "ae870c46f3b8f44e576ffa1528c3ea37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886725", "to_ids": true, "type": "sha1", "uuid": "1e592e43-62c6-4359-a92f-fdb763260bd8", "value": "363ebd228d3ba000928c7ab50ae05d665eada6bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886725", "to_ids": true, "type": "sha256", "uuid": "02a474bb-5419-448f-b08b-2e1bae336453", "value": "e077c609076f549bf532e570f634d46542fd53e22ca9e64b24027e7a35a2a46b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886505", "to_ids": true, "type": "ssdeep", "uuid": "51ed5d36-adf1-4668-8b49-a24b4289a219", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sB204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9sK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886505", "to_ids": false, "type": "size-in-bytes", "uuid": "20dc556a-0277-46d5-8929-3b5bd45e0aca", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886505", "to_ids": true, "type": "vhash", "uuid": "b4eff02a-034c-4604-a4c1-cf91056ffdbd", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886505", "to_ids": true, "type": "filename", "uuid": "ae7a6c66-ca66-49b6-a5ea-c6579ad59cca", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886505", "to_ids": false, "type": "text", "uuid": "25775374-2dab-4e02-8b45-8557046d2cf2", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-13T14:41:34.000000+00:00\nLast Submission:2022-07-27T15:42:10.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887804", "uuid": "efc01122-0d3f-4bd6-bd06-0e1a06391393", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887804", "to_ids": true, "type": "md5", "uuid": "a7011d2e-4939-4ef9-ad01-5c924adcd962", "value": "bbdd6bb2e8827e64cd1a440e05c0d537", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886726", "to_ids": true, "type": "sha1", "uuid": "f40c594e-18df-4330-9fc1-4c1a2b421777", "value": "eff8a19144daf8573b37e058f13186014f0527b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886726", "to_ids": true, "type": "sha256", "uuid": "5481ee71-e19e-43e8-ac74-efd13a0f1cba", "value": "a2344ae841726cf33d5f9de6339dc069a3473085ea6c92fc3c1053ac88e1a745", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886527", "to_ids": true, "type": "ssdeep", "uuid": "d2dff434-bef0-4118-8451-eb1a9d088a21", "value": "12288:BqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9s0204P:BqYDF9k64/Q9j28okAHDHY25fC2WF9st" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886527", "to_ids": false, "type": "size-in-bytes", "uuid": "22b63e21-ed4d-475c-8325-91142465cabe", "value": "396973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886527", "to_ids": true, "type": "vhash", "uuid": "0a27afce-1f37-4645-b17d-1427ba6a16d4", "value": "035056656d15756035z9007d7z3035z23z95zc7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886527", "to_ids": true, "type": "filename", "uuid": "3eddf0b5-db89-4055-b67a-cd9c7af6e483", "value": "StikyNote.exe" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 11/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886527", "to_ids": false, "type": "text", "uuid": "8799fca3-fb53-48c5-9a15-47cf0f52edbd", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!pz\nVT Total Detection:64/72\nFirst Submission:2017-04-01T14:30:23.000000+00:00\nLast Submission:2022-07-27T15:45:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887825", "uuid": "3daab013-2122-415f-8e44-afeefbb90c6c", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887825", "to_ids": true, "type": "md5", "uuid": "6c5cef41-7ede-4fdc-8b02-384be7fdc75e", "value": "0753857710dcf96b950e07df9cdf7911", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886727", "to_ids": true, "type": "sha1", "uuid": "540cfc2c-845f-4100-a44d-fe4de4e83763", "value": "bd2c86284e083c202290898a1dac54458e4571dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886727", "to_ids": true, "type": "sha256", "uuid": "e59ba655-4074-46d5-aeb6-0beb7da5b324", "value": "525de1db42eca7584da534c5ff70ff6c1819ff4e2361cb5bca0ab1dce4e6910a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886549", "to_ids": true, "type": "ssdeep", "uuid": "ae309e45-a13c-4762-b721-13a9c27da713", "value": "12288:IY2qYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sq204n7cZj1IB5oVeNF:ItqYDF9k64/Q9j28okAHDHY25fC2WF9+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886549", "to_ids": false, "type": "size-in-bytes", "uuid": "90ca2871-0691-49b0-b6ae-92dc2df03a0a", "value": "693706" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886549", "to_ids": true, "type": "vhash", "uuid": "793dcb15-ec70-4d74-9b24-0ff4c5cb995e", "value": "065046655d155az49nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886549", "to_ids": true, "type": "filename", "uuid": "ee774d4a-ab8e-4c86-9664-2697e280d714", "value": "re.txt" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886549", "to_ids": false, "type": "text", "uuid": "73a35a73-ecc4-4e12-bf77-854e8d5a9e6f", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!rfn\nVT Total Detection:63/72\nFirst Submission:2014-08-02T07:55:57.000000+00:00\nLast Submission:2022-07-27T15:41:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887847", "uuid": "903bf026-9a58-48c0-95e2-e6e24e23c2ab", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887847", "to_ids": true, "type": "md5", "uuid": "20cc2e55-8f40-4611-97bc-4c3e75248189", "value": "d01781f1246fd1b64e09170bd6600fe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886729", "to_ids": true, "type": "sha1", "uuid": "6f1572e3-ac7f-47ae-8285-3e9f028ad100", "value": "11ccd5b347d741a2fe9926626074f1f62df05112", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886729", "to_ids": true, "type": "sha256", "uuid": "16331e36-9c1d-4a17-bae1-d5d53fa52de8", "value": "eaa0fc8ccd3861604e43f43c645b66674e084543c17598355669f841462526a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886571", "to_ids": true, "type": "ssdeep", "uuid": "7eadc616-5302-4ff0-a2d4-ad62a0ddab1e", "value": "12288:IYeqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sq204n7cZj1IB5oVhw1:INqYDF9k64/Q9j28okAHDHY25fC2WF9y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886571", "to_ids": false, "type": "size-in-bytes", "uuid": "dff140c6-0868-418e-b995-1766f4c39b43", "value": "690268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886571", "to_ids": true, "type": "vhash", "uuid": "1965b102-b88b-4714-8b56-6d7b8bbf4db5", "value": "065046655d155az49nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886571", "to_ids": true, "type": "filename", "uuid": "f08de5a3-bb13-4255-b3df-e1ac7451973d", "value": "re.txt" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886571", "to_ids": false, "type": "text", "uuid": "d4b96371-f897-40e2-95d6-2446b3fb0959", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot!rfn\nVT Total Detection:62/72\nFirst Submission:2014-08-02T07:58:33.000000+00:00\nLast Submission:2018-11-01T07:37:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1771887868", "uuid": "58363c98-4988-4124-86f7-fb30f6554a44", "Attribute": [ { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1771887868", "to_ids": true, "type": "md5", "uuid": "2d088c94-dddd-4165-95f1-ccaa2597ffcf", "value": "1381148d543c0de493b13ba8ca17c14f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1771886730", "to_ids": true, "type": "sha1", "uuid": "dc5ee240-4795-4e1a-a601-4645e7b9b497", "value": "bb6267c8514ec1cb9d6c0f209d4077e3dff6edaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "TURNEDUP", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1771886730", "to_ids": true, "type": "sha256", "uuid": "c722d0a3-9ebf-4dd4-bfbf-d008b5c1fc6d", "value": "44661ad2cee7cc84f1baeabdfd4b4fddbaf894b8d717cd9771d0216ccee06a30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1771886593", "to_ids": true, "type": "ssdeep", "uuid": "1b91cda1-2948-4303-8147-4cc7ad104981", "value": "12288:IYuHyVfqYXje0DF9k64/QSywqP0T8oIN1AHDFhY25fC2WF9sq204v:IWVfqYDF9k64/Q9j28okAHDHY25fC2Wo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1771886593", "to_ids": false, "type": "size-in-bytes", "uuid": "e1f985e9-266b-4ddb-b6df-7e006f616810", "value": "498241" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1771886593", "to_ids": true, "type": "vhash", "uuid": "a7fc5531-5e07-4579-b6ed-4cfe9c59c620", "value": "045046655d155az49nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1771886593", "to_ids": true, "type": "filename", "uuid": "3001198a-fe53-4f0b-bdde-a88d28d12eed", "value": "re.txt" }, { "category": "Other", "comment": "Checked: 24/02/2026\nLast-scan\t: 20/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1771886593", "to_ids": false, "type": "text", "uuid": "534c424c-3bc8-4f40-9a48-2ea33c2ca77a", "value": "TURNEDUP\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Hombot.A!dha\nVT Total Detection:57/72\nFirst Submission:2014-12-15T14:45:53.000000+00:00\nLast Submission:2017-09-21T06:02:41.000000+00:00" } ] } ] } }