{
  "Event": {
    "analysis": "1",
    "date": "2020-01-01",
    "extends_uuid": "",
    "info": "[Threat Intel] Caught in the Act: Running a Realistic Factory Honeypot to Capture Real Threats",
    "protected": false,
    "publish_timestamp": "1772423880",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772423876",
    "uuid": "f1a282a8-dfde-4620-b572-5a6ced87ea2c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#55acee",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"potentially-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Crysis XTBL\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Hunt\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:ransomware=\"Virus-Encoder\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#dff146",
        "local": false,
        "name": "IT-impact-ICS",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772246253",
        "to_ids": false,
        "type": "link",
        "uuid": "d379e173-eb26-480c-b768-766960340c86",
        "value": "https://documents.trendmicro.com/assets/white_papers/wp-caught-in-the-act-running-a-realistic-factory-honeypot-to-capture-real-threats.pdf"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347440",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6476eb38-09eb-4be8-9b18-498daae979fa",
        "value": "d5d02092dd453185f94f5882ffa090a0358be774",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347441",
        "to_ids": true,
        "type": "sha1",
        "uuid": "f9d53d15-d94f-467e-aee4-467b5068c7d4",
        "value": "a2ca90c6b6efce5b85335b0cc3ecca07c024dcc0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347442",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c08f4377-6a4b-46fd-8410-100c96591c3f",
        "value": "4a6ab099aec72b4ca6b82db088e308d5542e1242",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "64-bit version of migwiz.bin. No sample in VT\r\nLast check:01/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347443",
        "to_ids": true,
        "type": "sha1",
        "uuid": "51a462a9-f726-48a8-a68f-17f3a0406a1a",
        "value": "554116aabd804663c24d8b3fa41cb72c00dc5b34",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347458",
        "to_ids": true,
        "type": "domain",
        "uuid": "f69309fb-8aac-4fa5-aa0a-36eb607b494c",
        "value": "afsasdfa33.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772347479",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e7fd6dca-584d-404f-a2e4-97b93409f0e3",
        "value": "de.youporn.com",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772423875",
        "to_ids": true,
        "type": "url",
        "uuid": "dc6ab49c-031a-4921-8e2b-3dd9718778f8",
        "value": "https://www.sendspace.com/file/fjtdsk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772423876",
        "to_ids": true,
        "type": "url",
        "uuid": "caf09b54-d6dc-4c13-90ab-4367cb885dc3",
        "value": "http://sendspace.com/file/qlhvgn",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347542",
        "uuid": "2668a2c0-a283-45fa-862a-fa0b73b4bffa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "The ransomware file, a variant of Crysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347542",
            "to_ids": true,
            "type": "md5",
            "uuid": "84b948e3-f26c-41e2-bdda-3fb41405334a",
            "value": "3107bb905f3df46e2e328ee779e31f42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "The ransomware file, a variant of Crysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347399",
            "to_ids": true,
            "type": "sha1",
            "uuid": "112f33b9-d337-4aed-8d30-de98c93381b5",
            "value": "ddf8c065d45c734b5b58e770e4f1ea086a293f19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "The ransomware file, a variant of Crysis",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347399",
            "to_ids": true,
            "type": "sha256",
            "uuid": "35dcb8c0-3f69-4c2d-9650-d3e43883330e",
            "value": "9f798a450cc91b45cca625ff95a3922db38070a85bd75d7b911e59e5d53770d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346423",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "477cc7a3-2b55-4b1d-b69f-2022fa220d1f",
            "value": "1536:mBwl+KXpsqN5vlwWYyhY9S4AE4SLlaSXrgKcQ48bcWHpOZ2yr+e72eIGZZyb1j:Qw+asqN5aW/hL6dhamQoBU4yTi17j"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346423",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "312568b0-06bc-49cb-8c2a-45afbbfde35b",
            "value": "94720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346423",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2a554d8f-d75a-4ada-8e00-4c1d028f3950",
            "value": "094036557d7bz9!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346423",
            "to_ids": true,
            "type": "filename",
            "uuid": "b1f3e90f-cd88-4b7a-8371-f022718ac3d7",
            "value": "amupn0hz.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  25/07/2020",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346423",
            "to_ids": false,
            "type": "text",
            "uuid": "d1d13a78-17dc-4bc7-af5c-dfe84ba15998",
            "value": "The ransomware file, a variant of Crysis\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Wadhrama\nVT Total Detection:64/74\nFirst Submission:2019-07-24T10:14:26.000000+00:00\nLast Submission:2019-10-29T16:59:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347564",
        "uuid": "40710ff2-0f57-4177-a20c-a3bb8a3732f8",
        "Attribute": [
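          {
            "category": "Payload delivery",
            "comment": "A normal application that lists all files on a file system. It allows an attacker to check whether a system is already infected by another piece of ransomware using the search function. The file itself is a benign utility distributed by voidtools and listed in the NSRL (VT detection 1/72), so a match on this hash alone does not indicate compromise and needs corroborating activity.",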
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347564",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ad48c5f-d73d-48c4-ab5d-2ca9a6c559a9",
            "value": "8add121fa398ebf83e8b5db8f17b45e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
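          {
            "category": "Payload delivery",
            "comment": "A normal application that lists all files on a file system. It allows an attacker to check whether a system is already infected by another piece of ransomware using the search function. The file itself is a benign utility distributed by voidtools and listed in the NSRL (VT detection 1/72), so a match on this hash alone does not indicate compromise and needs corroborating activity.",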
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347400",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6335746f-2d16-439a-8d49-414258864e0f",
            "value": "c8107e5c5e20349a39d32f424668139a36e6cfd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
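          {
            "category": "Payload delivery",
            "comment": "A normal application that lists all files on a file system. It allows an attacker to check whether a system is already infected by another piece of ransomware using the search function. The file itself is a benign utility distributed by voidtools and listed in the NSRL (VT detection 1/72), so a match on this hash alone does not indicate compromise and needs corroborating activity.",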
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347400",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa1b2910-329e-4c75-898c-c836221b3f27",
            "value": "35c4a6c1474eb870eec901cef823cc4931919a4e963c432ce9efbb30c2d8a413",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346445",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "90e711a1-6a25-490e-a2e4-144878e20778",
            "value": "24576:eHwTBHVTc8rPDj3SZhwKlSUbBHNytQABBasH/li2+uuxQCWTm7Qv0yxpy1d0F9H9:4wo8LP3OJEUpNytQABBae/M29T+AF3rj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346445",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77c9e34f-5d6b-4741-b93c-a05bd583882b",
            "value": "1668200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346445",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1c402566-be54-4277-80e6-66695be61c44",
            "value": "016046655d651100401002400547zd7z604016a4z147z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346445",
            "to_ids": true,
            "type": "filename",
            "uuid": "20b8b2d5-cac7-4859-ac91-f07c7afb0830",
            "value": "Everything.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346445",
            "to_ids": false,
            "type": "text",
            "uuid": "395e1e31-54de-482b-ba1d-ed71c67c3755",
            "value": "A normal application that lists all files on a file system. It allows an attacker to check whether a system is already infected by another piece of ransomware using the search function.\r\nType Description: Win32 EXE\nFile distributed by: ['voidtools']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['Everything.exe']\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2018-02-09T08:40:24.000000+00:00\nLast Submission:2026-02-06T03:03:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347586",
        "uuid": "a07723d6-be4a-4a20-b2eb-157ce3fb8771",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "A tool used to scan mounted and unmounted physical and network drives. Its ability to scan unmounted drives makes it very effective for ransomware attacks",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347586",
            "to_ids": true,
            "type": "md5",
            "uuid": "b066bc10-302b-42c2-99e2-0f0fb90f328d",
            "value": "597de376b1f80c06d501415dd973dcec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "A tool used to scan mounted and unmounted physical and network drives. Its ability to scan unmounted drives makes it very effective for ransomware attacks",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347402",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e134a02e-263c-4a68-aa0d-11bd4b442c5e",
            "value": "629c9649ced38fd815124221b80c9d9c59a85e74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "A tool used to scan mounted and unmounted physical and network drives. Its ability to scan unmounted drives makes it very effective for ransomware attacks",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347402",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9b599aee-4389-440f-a4d0-c3f811240069",
            "value": "f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346467",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "84fb2b70-6928-421d-af38-6bf04358ff1c",
            "value": "1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346467",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "93d0b478-1ca7-4017-8245-e96c9220d06f",
            "value": "128000"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346467",
            "to_ids": true,
            "type": "vhash",
            "uuid": "391e3333-1fb3-4295-826c-dc653d984e58",
            "value": "015036651d1az571z2fz11z15z77z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346467",
            "to_ids": true,
            "type": "filename",
            "uuid": "19cd0ecf-fde3-424c-b6ad-61757a11daf1",
            "value": "NS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  20/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346467",
            "to_ids": false,
            "type": "text",
            "uuid": "0a4350ac-639c-4e9a-bd23-7c075e42590f",
            "value": "A tool used to scan mounted and unmounted physical and network drives. Its ability to scan unmounted drives makes it very effective for ransomware attacks.\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win32/Ntscan!MSR\nVT Total Detection:58/72\nFirst Submission:2018-09-12T06:51:44.000000+00:00\nLast Submission:2026-02-27T06:13:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347607",
        "uuid": "f22b22ec-aa39-47aa-bb31-5e4da8ca7f6e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347607",
            "to_ids": true,
            "type": "md5",
            "uuid": "76acecfc-24c1-41b0-946d-dcf46e4ee7d6",
            "value": "ad8a66d2b149335ea0c38941786df8b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347403",
            "to_ids": true,
            "type": "sha1",
            "uuid": "19a4fd3f-bc0b-48a5-920f-e3c4371f2dae",
            "value": "8ecff105db88464edf548b542a7837e92e56fcbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347403",
            "to_ids": true,
            "type": "sha256",
            "uuid": "234464c1-334f-4234-b8cf-9e807ed45260",
            "value": "95ab75f2ab25fd2e9ba8a87281809d1241e8962480b479233059f243de65d5df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346489",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b26199bc-414a-4da2-b578-b6d000fd690a",
            "value": "3:dEDGNCJ0MCMn:G6JMn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346489",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "abaa1ceb-50f0-4eb1-925f-77b9c980a5ee",
            "value": "37"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346489",
            "to_ids": true,
            "type": "filename",
            "uuid": "2846ef93-e8c4-471f-aa14-49a17cd15f37",
            "value": "1.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  28/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346489",
            "to_ids": false,
            "type": "text",
            "uuid": "e7fe7cc1-30fe-4734-8d6b-b57b93ef5ad2",
            "value": "Deletes all shadow copies\r\nType Description: DOS batch file\nMicrosoft: None\nVT Total Detection:6/62\nFirst Submission:2022-01-13T16:13:27.000000+00:00\nLast Submission:2026-01-30T21:36:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347629",
        "uuid": "a02dfa04-6c9c-4d98-abfd-b886b39df80b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Network scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347629",
            "to_ids": true,
            "type": "md5",
            "uuid": "81ee77d3-1308-402e-9c6a-373d7d8e7d68",
            "value": "869420f42c9448924f935e5c1e2d9949",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Network scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347404",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6a86996a-e146-4788-b85c-b027882daa2d",
            "value": "f628f11e39d2ce90e49de8774df40a248a6abcff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Network scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347404",
            "to_ids": true,
            "type": "sha256",
            "uuid": "60b214af-9e0e-4518-869a-9eac94ed1a24",
            "value": "3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346511",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e0e51e3f-35f9-4b64-94f7-163ebe79c39d",
            "value": "1536:dcI+4BLSk6cMj+zlh/MHjibsu0y1P3q0LE4sCjYjUJG+fMgOQMcbFh169dsWjcdl:WIi0NXS2cm/qSE18Y44m5Fh4c3V"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346511",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6cc6f0b1-ad21-4ad7-ae2c-27a17744e419",
            "value": "116224"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346511",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d83d7645-ae8a-4886-b7f0-409ecc2e5931",
            "value": "015036651d1az4b1z2fz11z15z77z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346511",
            "to_ids": true,
            "type": "filename",
            "uuid": "3098d090-7d42-4328-a82f-50d778f03313",
            "value": "ns aguas podr\u00eda tener netsha checar.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  07/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346511",
            "to_ids": false,
            "type": "text",
            "uuid": "159dff7d-75b3-4d33-a66e-4eb51c0d160f",
            "value": "Network scanner\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win32/Ntscan!MSR\nVT Total Detection:51/71\nFirst Submission:2017-11-15T13:15:24.000000+00:00\nLast Submission:2025-09-05T07:21:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347650",
        "uuid": "5ee044dc-fba0-4fa6-a482-58520d7ea0a4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347650",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d46787f-63c2-4fdf-8e89-ef95ea9211e6",
            "value": "02c7df0e0734208afef41eb4f7d359fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347406",
            "to_ids": true,
            "type": "sha1",
            "uuid": "26049fdd-c5dd-4e03-8ac4-def5eb4d391e",
            "value": "c4e2953509e9a47d9ee0ecfa8c886328d700ed7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347406",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4499813b-2a4e-4f5f-b9d4-a957f4fa135e",
            "value": "ce90f3e0c2b13ecf22c2251810bdeab9739ef18be52b485877b5d521089ee024",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346532",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1a8ca344-386d-4c75-a752-f4e5ec6110bc",
            "value": "98304:nveNx8SaUF0NwHS1cUlGZCVLdXg7Coa+QVB9RBgJSggMPbtlaqg6Iw9pkI6ISvbi:nveNx8SgpfBHfvKact"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346532",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "945d42ec-0673-4b9c-b6ac-bad1cab85d47",
            "value": "7004400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346532",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8d354c6f-eadd-4390-91b8-bed9ca320ca3",
            "value": "076066651d156f7511f0a01078b00cd1z32z4c2d5ze0a01ec032801027z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346532",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b62ab8c-a088-4362-a302-154262ff29d0",
            "value": "PCHunter.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  24/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346532",
            "to_ids": false,
            "type": "text",
            "uuid": "5ebbc058-cb70-4e4e-91a2-d56646a4eb8a",
            "value": "PC Hunter, an analysis tool for Windows\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:37/72\nFirst Submission:2018-08-15T10:02:07.000000+00:00\nLast Submission:2026-02-24T18:34:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347671",
        "uuid": "c78936b9-ba65-48de-bbbc-17e0309b5687",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347671",
            "to_ids": true,
            "type": "md5",
            "uuid": "a45c59e0-3308-4a86-90e9-f36103a64e0c",
            "value": "d81135333a0eed3e973107891e996505",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347407",
            "to_ids": true,
            "type": "sha1",
            "uuid": "03afd750-a30e-41ae-85ed-3e7d8e11dab3",
            "value": "d373052c6f7492e0dd5f2c705bac6b5afe7ffc24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "PC Hunter, an analysis tool for Windows",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347407",
            "to_ids": true,
            "type": "sha256",
            "uuid": "caf77656-0a72-43a0-8faf-5728f06d53d0",
            "value": "d1aa0ceb01cca76a88f9ee0c5817d24e7a15ad40768430373ae3009a619e2691",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346554",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d948d5a1-891c-4d26-b177-b12497c77b7e",
            "value": "98304:7F8k4UMOf99Xv/upYSuOtnz+QxVFgP+cAnvF+TVJ+j4bz6ISvb2FEz:7F8zUJV9uoyzxxvT4ZJGKaz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346554",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bdcab65e-dc88-4968-8270-cc9deaecb635",
            "value": "10745072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346554",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a8c201a8-2b7a-47db-8e58-5529f7b63d77",
            "value": "017076651d1577751561e051z78c00d2z32z4e2d5zf0b01f7032801027z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346554",
            "to_ids": true,
            "type": "filename",
            "uuid": "a50a9182-b1fa-4390-b5a8-1498ad642935",
            "value": "PCHunter.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  26/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346554",
            "to_ids": false,
            "type": "text",
            "uuid": "45b97bcb-9239-407f-935e-8a5f331e67e2",
            "value": "PC Hunter, an analysis tool for Windows\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:41/72\nFirst Submission:2018-08-15T04:47:52.000000+00:00\nLast Submission:2026-02-24T18:34:35.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347694",
        "uuid": "0cf591ec-322a-495b-8a36-0a14e2c56de0",
        "Attribute": [
          {
            "category": "Payload delivery",
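            "comment": "Task Manager Deluxe (no vendor detections per the no-detection-by-any-vendor tag; corroborate a hash match with other evidence before treating it as malicious)",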
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347694",
            "to_ids": true,
            "type": "md5",
            "uuid": "703e42f7-b8fb-4e3a-8b17-c3d137e4d20a",
            "value": "23eca786a4c2a76e903aa22c398568bf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
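            "comment": "Task Manager Deluxe (no vendor detections per the no-detection-by-any-vendor tag; corroborate a hash match with other evidence before treating it as malicious)",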
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347408",
            "to_ids": true,
            "type": "sha1",
            "uuid": "59f41466-2d71-45b2-a312-c04d6e27b2c3",
            "value": "5ce6f58f46dc8ab89fd8bfc994dabb50316e7202",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Task Manager Deluxe",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347409",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b72386db-baca-43ad-8044-45ea80bca5b8",
            "value": "46a5d79eb700e9f9294495144f4a82969d1282bb407a62e3fdc41ee3b36a8d8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346576",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "884d8d8d-f4cb-4d25-a809-b5a9dc19ce5a",
            "value": "98304:7M6GFwxXu5EJoeodS4PyANqKR8cctH1QSIes:7MbW6EJoeo9Nq7tH1QSvs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346576",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "eb209301-7e99-4349-bb4c-60012e59acd8",
            "value": "10115072"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346576",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8b1f0c83-fb0a-43ca-a435-e56b95c30df1",
            "value": "0170a65d5c0d1d151c051032502008e003602012z1e035z83z203070e8z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346576",
            "to_ids": true,
            "type": "filename",
            "uuid": "995c5f35-9117-4a49-a357-7cb1c4cfa9d6",
            "value": "TMX64.exe"
          },
          {
            "category": "Other",
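            "comment": "Checked: 2026-03-01\nLast-scan: 2021-03-15\nNote: 0/69 vendor detections; treat a match on this file as triage context, not proof of compromise.",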
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346576",
            "to_ids": false,
            "type": "text",
            "uuid": "1de0fc4b-ffe5-4b58-8439-833a50624898",
            "value": "Task Manager Deluxe\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/69\nFirst Submission:2017-10-06T07:46:25.000000+00:00\nLast Submission:2024-04-23T14:39:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347715",
        "uuid": "18807dc7-bc00-4a38-8650-1a7052b3cdcb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Process Explorer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347715",
            "to_ids": true,
            "type": "md5",
            "uuid": "a79201ac-e23c-4f5e-9387-2e0bc7f36322",
            "value": "b21a0c3743eb61b1e8182f7ff234cf09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Process Explorer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347410",
            "to_ids": true,
            "type": "sha1",
            "uuid": "68a01c7b-97be-4713-b952-d42902a9d064",
            "value": "75ba2e4bfb47feed72deed2bed9b2ef698e3253f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Process Explorer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347410",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3513fae8-171d-4090-86a0-42f1bb0562d3",
            "value": "3eb2c9fef66943df0ba843e72b9d3b037fd05bb18f26852bbb0c4a7778c3ba21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346599",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e83c52df-7219-45fc-9a66-dea35aec10af",
            "value": "24576:pczJgoO5V6r4+2Ve1sVi2Tq8kFuQSB3ichYHAhzJQKSLf8WnTE8SBqCC5pWUhEz1:pcAVN+4TgFuQq3lK5fo3BqbekLYRIx8p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346599",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c32a46f5-43a4-4109-92da-e7ffe9db9cf6",
            "value": "2720928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346599",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a24fbb8a-a6a1-40fd-8d25-77da320b3209",
            "value": "026056651d156564b0d06022600ae7z80e013z8040095033z77z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346599",
            "to_ids": true,
            "type": "filename",
            "uuid": "794347e9-1e32-4729-bb30-0bf12cf72bae",
            "value": "Procexp.exe"
          },
          {
            "category": "Other",
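            "comment": "Checked: 2026-03-01\nLast-scan: 2025-09-02\nNote: 0/72 vendor detections; treat a match on this file as triage context, not proof of compromise.",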
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346599",
            "to_ids": false,
            "type": "text",
            "uuid": "1c0b8ef5-27a9-483a-8792-645eaba23262",
            "value": "Process Explorer\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2016-11-18T01:18:49.000000+00:00\nLast Submission:2026-02-15T21:30:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347738",
        "uuid": "cfa69569-8ae8-4874-b22e-4f1b7d978687",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347738",
            "to_ids": true,
            "type": "md5",
            "uuid": "3030560b-f59d-4de1-b433-b91b79dcab30",
            "value": "91be6e6a8b4c2cb99db5b99d40e06978",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347411",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7010a62-fffc-4e66-af8b-53aab8e5a6ca",
            "value": "86f599090aa2c7c1df65dccccf00e1818e72246a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Deletes all shadow copies",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347411",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ca12854d-707c-457a-a1ca-f231109f3d32",
            "value": "beb5022543a1e12e1f8f5ffe5d520e5fc9cf623aea512cfb43ea2f8c2897420c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346621",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f951962-a881-4f7a-a078-8b8bbaa8f894",
            "value": "6:Bc4vA+b8BNcXEA+bJoGbgpooN/vmVw0XHKtwkwdWDTRul:Bc4/AncXwHanmSOHBcTRU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346621",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3ca3fb6a-4249-4d7a-aec1-0d5d59c06431",
            "value": "273"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346621",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b2748aa-8d46-43cc-9823-1b2b348eb04a",
            "value": "backup.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2025-08-14",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346621",
            "to_ids": false,
            "type": "text",
            "uuid": "6cc606e0-5d57-4f65-9e7d-33beee160cc5",
            "value": "Deletes all shadow copies\r\nType Description: DOS batch file\nMicrosoft: Trojan:BAT/SysWiper\nVT Total Detection:31/62\nFirst Submission:2019-05-18T10:00:10.000000+00:00\nLast Submission:2024-12-02T18:53:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347760",
        "uuid": "28f3f67a-df46-4c75-9447-6b74fc482ace",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Disables Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347760",
            "to_ids": true,
            "type": "md5",
            "uuid": "85b97141-cfc4-4ef6-ae41-f43e42a90834",
            "value": "ad7f89cfa011b90c1c02e6a3cd510545",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Disables Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347412",
            "to_ids": true,
            "type": "sha1",
            "uuid": "be4064f8-edd5-499a-be12-6f02eb7a45df",
            "value": "c17f4d57deb93050d094e5a09d2f9e58abc252f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Disables Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347412",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fcb76d4c-f807-4306-bfd5-2e163c856dfd",
            "value": "b49eda80fb9ce22634d8125a99ee53218eaa404f67d0a105dc675e101a265042",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346642",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b6505fe8-d820-4a2e-87e7-87737526fb11",
            "value": "48:zzQAL40Om9W0HHlVKOVdeFezV4V6VpeCwWZS1:Pem4yHlVKeMUJoyw74E"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346642",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aebd593e-a1b2-4f59-b65d-a1a38ca76ab4",
            "value": "1608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346642",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ed7b0c37-6df2-48f5-a377-926eb27b8fd3",
            "value": "e6edf2968c6f2fcbef18750636671df6"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346642",
            "to_ids": true,
            "type": "filename",
            "uuid": "cfd82feb-252b-4222-9345-e7dc0b937a7e",
            "value": "defender.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2026-02-27",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346642",
            "to_ids": false,
            "type": "text",
            "uuid": "51f16173-819b-42b6-bdd9-d26fc3cab24c",
            "value": "Disables Windows Defender\r\nType Description: Powershell\nMicrosoft: Trojan:BAT/Killav!MSR\nVT Total Detection:19/62\nFirst Submission:2020-08-21T04:14:55.000000+00:00\nLast Submission:2023-07-04T20:26:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347782",
        "uuid": "7988758e-997a-4d58-a901-99b1e45c148b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Mimikatz files",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347782",
            "to_ids": true,
            "type": "md5",
            "uuid": "8c2c50d1-92c3-45d8-a681-0b954be662b9",
            "value": "53b78fa733ae10dd1f2f066f12523cb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Mimikatz files",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347414",
            "to_ids": true,
            "type": "sha1",
            "uuid": "af4767a4-9623-46ac-a837-ec7c15dda562",
            "value": "ebabab9c5b723df0fde7fe02dc22145e39ba0502",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Mimikatz files",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347414",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bc9aea90-77c1-4f82-b61d-2d05e9471ab7",
            "value": "d19bf611356d319e792ac04e4bc986aa01c8282d942e9de0ae568b0a7d15dc24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346664",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d48b6497-cd16-4b12-ba5c-ffd6b7eedd9f",
            "value": "24576:Ig2RaZQf/7pQLzMAssYp4iubjlM6rlzd5oQ/mxhG:cRaWYui26rhdyQ/mq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346664",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ada9b036-972e-4442-809b-a88ae51a0e93",
            "value": "925728"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346664",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7c5fb89a-4616-4d6b-ba73-bb1a664dc725",
            "value": "a26b67662e765b9ea726c2d495b52254"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346664",
            "to_ids": true,
            "type": "filename",
            "uuid": "070362cf-d8e3-412a-8305-3817216f9712",
            "value": "mimikatz.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 2026-03-01\nLast-scan: 2025-08-26",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346664",
            "to_ids": false,
            "type": "text",
            "uuid": "c0df24d5-dd72-4b8a-a985-0ed4d7aade87",
            "value": "Mimikatz files\r\nType Description: ZIP\nMicrosoft: None\nVT Total Detection:57/69\nFirst Submission:2019-08-14T22:20:49.000000+00:00\nLast Submission:2025-05-07T23:42:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347803",
        "uuid": "99ec8657-aba2-425b-8e98-ef7bf6062491",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Phobos ransomware used in the attack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347803",
            "to_ids": true,
            "type": "md5",
            "uuid": "39029e88-2a90-446c-a270-6f46f3bbcc37",
            "value": "04dc41381e036f710b8be310511c31a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phobos ransomware used in the attack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347414",
            "to_ids": true,
            "type": "sha1",
            "uuid": "519febc8-f054-4bca-8a31-1d7613c3e822",
            "value": "2be826b4864f86c37592a2e908638873b5ff093c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Phobos ransomware used in the attack",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347414",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e0b3cb33-fe70-4c67-ac57-1aa06a3181c0",
            "value": "2d2f8cedd96a400e461e568387e262679dcd5fed0dfe25a8eb01fa0f92fe12ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346685",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "40a5574e-7361-48f5-9720-a72035924f02",
            "value": "1536:lkGB8nHbKUvryElSpi8jCZGcqDKlKnr8dFuaU7zg:lFBMHRvrAjCZmKcnr8Y/g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346685",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6007b4d6-4322-4a46-9709-0e2de4d905a1",
            "value": "68608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346685",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cfd20192-3830-4e80-ba5c-f5b26fb5dcf7",
            "value": "064066655d15555d70e8z5ehz13z25z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346685",
            "to_ids": true,
            "type": "filename",
            "uuid": "0be8cfd6-162b-47fc-8780-f61c4365c621",
            "value": "virussign.com_04dc41381e036f710b8be310511c31a0.vir"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  07/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346685",
            "to_ids": false,
            "type": "text",
            "uuid": "de314bf7-a634-4711-9b9b-052788a4648d",
            "value": "Phobos ransomware used in the attack\r\nType Description: Win32 EXE\nMicrosoft: Ransom:Win32/Phobos.A\nVT Total Detection:64/73\nFirst Submission:2019-06-02T14:10:44.000000+00:00\nLast Submission:2019-10-28T04:09:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347824",
        "uuid": "258b709b-79c4-4205-bb89-d4646c6b34ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Port scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347824",
            "to_ids": true,
            "type": "md5",
            "uuid": "74a98256-7e7b-449b-8e2c-2fe0a10cdd44",
            "value": "45d89c015fb0f3b1672540ed281d5dbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Port scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347415",
            "to_ids": true,
            "type": "sha1",
            "uuid": "44d273d3-a4ba-4ffd-9cd0-eb64bed7c1ca",
            "value": "47dfbbbce8170891ddfbdcdd4e6a24d465d847e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Port scanner",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347415",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f525df17-9d70-4c38-826c-232dbe56dc00",
            "value": "dbddacfdec2b53b074ad750a113de61999d78843d28af3ee18f2d106e045baaa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346707",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "18d06f4a-54cd-4f62-b842-53df7c2750b4",
            "value": "196608:yG0NIyD0QecYnjAAgxqQrFodUgRHxlAlFhZVnIapA4BI:IIU0QOnjRuFWUAxlqFnFIai7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346707",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e57ca3fb-b49a-4b86-b483-cc0ec5d2c45c",
            "value": "8830152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346707",
            "to_ids": true,
            "type": "vhash",
            "uuid": "726fed63-52cd-4d77-adb7-9dfc98ac6d23",
            "value": "086086665d1c0d5c0515503016z2az3bz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346707",
            "to_ids": true,
            "type": "filename",
            "uuid": "cad819eb-5699-4866-9352-88cc540d1fbd",
            "value": "pscan24.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  28/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346707",
            "to_ids": false,
            "type": "text",
            "uuid": "e24a11df-7c28-40a0-8822-26e0f68d6cd6",
            "value": "Port scanner\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2015-11-05T16:25:34.000000+00:00\nLast Submission:2026-02-26T21:28:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347846",
        "uuid": "c16c877a-7bdc-49be-8277-bc712d95b13c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Batch file that stops database services (e.g., MSSQL, MySQL, PostgreSQL) and Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347846",
            "to_ids": true,
            "type": "md5",
            "uuid": "e57099ec-d016-43b8-ba4c-55741eaf1d82",
            "value": "ca7c2449f2806fa42d63f66e70919131",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Batch file that stops database services (e.g., MSSQL, MySQL, PostgreSQL) and Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347417",
            "to_ids": true,
            "type": "sha1",
            "uuid": "41aa0f02-4304-48ad-835f-705631b33515",
            "value": "8b77e8888276c8ce99746a7c0d5ca3f93ea9dee8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Batch file that stops database services (e.g., MSSQL, MySQL, PostgreSQL) and Windows Defender",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347417",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55c61bb5-2057-4f3e-bf23-06102af4cbe8",
            "value": "017d4eda219671f41765ae7ad603e9e9075bf1d3543a4db7412a06888f7d56a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346729",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dcfab2ea-04bd-40ea-ac44-2d2316cc6f7f",
            "value": "48:XK94NUNHNruNGfZeBiiNN+N3NJNRNj2NFNR+RKnqYnT3jpOO2EQ0neRbRYRxR2RA:PytAXEdvnITR+Qj9G1K3Ex2D3wdVoXqG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346729",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b63b18e1-50be-4280-8960-3cd9a41568e8",
            "value": "2158"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346729",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f163b10-79f9-436d-8180-5f86a6b85da2",
            "value": "del service.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  04/01/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346729",
            "to_ids": false,
            "type": "text",
            "uuid": "e06b6f8b-a4e3-4e59-b948-596417b4ef7a",
            "value": "Batch file that stops database services (e.g., MSSQL, MySQL, PostgreSQL) and Windows Defender\r\nType Description: unknown\nMicrosoft: Trojan:BAT/Killav!MSR\nVT Total Detection:25/62\nFirst Submission:2018-09-06T10:38:43.000000+00:00\nLast Submission:2023-01-03T22:56:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347867",
        "uuid": "e442d9bc-bd97-42b5-b2a7-781ae7060724",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347867",
            "to_ids": true,
            "type": "md5",
            "uuid": "80b3405f-4889-4760-b122-9b760bade86b",
            "value": "b0c77267f13b2f87c084fd86ef51ccfc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347418",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ce3d4a40-b35c-41c5-a25e-c7b326fa6733",
            "value": "f7543f9e9b4f04386dfbf33c38cbed1bf205afb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347418",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8fed9a49-9961-458f-ae68-09f6f90edef6",
            "value": "a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346751",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "26460267-261c-4ff2-ae35-45990065f0d8",
            "value": "192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346751",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb205cb9-e0bb-442c-8de6-5a286b517dc8",
            "value": "11776"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346751",
            "to_ids": true,
            "type": "vhash",
            "uuid": "33470732-d32c-42ae-8058-d2127350a516",
            "value": "114046651d151az18z2dz1ez8"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346751",
            "to_ids": true,
            "type": "filename",
            "uuid": "b649870c-409f-4857-a273-004a4792990f",
            "value": "System.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  29/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346751",
            "to_ids": false,
            "type": "text",
            "uuid": "57ba3ff1-e297-4960-9dfe-ee6811d863f5",
            "value": "Type Description: Win32 DLL\nFile distributed by: ['Plex']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['System.dll']\nMicrosoft: None\nVT Total Detection:1/72\nFirst Submission:2018-01-31T07:34:28.000000+00:00\nLast Submission:2026-02-21T21:20:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347888",
        "uuid": "6f8b605b-31d9-444f-ad01-424e3baaa5b6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate SQLite library used to retrieve stored passwords from the Chrome browser",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347888",
            "to_ids": true,
            "type": "md5",
            "uuid": "ed4f9699-2ee3-476f-807b-d87fd0e9f339",
            "value": "65e62c2c528afbbb18da03dac6ac9ace",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate SQLite library used to retrieve stored passwords from the Chrome browser",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347419",
            "to_ids": true,
            "type": "sha1",
            "uuid": "485e45e8-0576-48a4-8673-bcebb49d705f",
            "value": "42d5708ee9b662fae73e78f0fd0c5228090c3b40",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate SQLite library, used to retrieve stored passwords from the Chrome browser; the file is not malicious in itself, so a hash match alone does not indicate compromise",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347420",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f0a70266-36ff-4a4d-b364-7c8ee5023040",
            "value": "0269f595677d2763c388a81a850d2b915aaf427a3543da79f4f9759640ed0009",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346773",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fbec5ba7-2ca3-4136-be27-69d40a8c58d6",
            "value": "12288:PfdcaqF34Kh+PfegBnVOzLgkZH+ABRsOeDRXaqtADKFNFGFOFwcGF6cmFWc0FWcZ:XyaqyPnBkLTd1BRsOeDRXtyjzzM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346773",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7db80ddc-d6c9-46a9-9f11-64e8207d634b",
            "value": "1068032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346773",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0863b160-4341-4806-b127-cec2798f20b5",
            "value": "116066656d1565551098z42#z300ee"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346773",
            "to_ids": true,
            "type": "filename",
            "uuid": "8cda46a1-7c3c-4349-8d2f-e24714953d7d",
            "value": "SQLite.Interop.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  08/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346773",
            "to_ids": false,
            "type": "text",
            "uuid": "006ee321-7272-4ed1-9c98-5973f361dc3c",
            "value": "Legitimate SQLite library for retrieving stored passwords in Chrome browser\r\nType Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2012-11-08T21:37:31.000000+00:00\nLast Submission:2025-12-24T17:40:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347909",
        "uuid": "5c41018a-6e55-486a-a6dd-6d352ce725b8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347909",
            "to_ids": true,
            "type": "md5",
            "uuid": "35db97b4-8626-4f69-98cc-3b4510417fbd",
            "value": "76cc3f61ce9594e5f6eabd6fb70f3d73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347421",
            "to_ids": true,
            "type": "sha1",
            "uuid": "857bdb6d-0075-46b7-8d3f-48c130a1825c",
            "value": "1775f9cb1829910dce7b412c2e7b1b701c23709e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347421",
            "to_ids": true,
            "type": "sha256",
            "uuid": "73842407-1577-451f-bf60-763abebd4dfb",
            "value": "57ab90072521e2031943db05dc6fb6ecb83baf1d5dfdb0ab190f1397f9d1246e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346795",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2f36756b-681c-4f85-863b-5482a0c2633a",
            "value": "6144:PBqZzVJwtZ2WN0b25KNZC3fE8CNwUDHv2T8m8PAdzGL:PBqZZJwtEWuK5mZC3fNCN3Hv2T8m8PAS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346795",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "964a8a52-abd7-44f8-92b4-337669cbd256",
            "value": "292710"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346795",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a4419f8-269a-4890-b0ad-dc78732171b0",
            "value": "ak.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  31/01/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346795",
            "to_ids": false,
            "type": "text",
            "uuid": "6a66d9ae-ec34-4814-9c9c-2c64f8f31721",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:10/60\nFirst Submission:2019-03-06T15:18:25.000000+00:00\nLast Submission:2019-03-06T15:18:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347931",
        "uuid": "419e96ab-4d1d-46d1-8f8d-5c55736f9a3e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347931",
            "to_ids": true,
            "type": "md5",
            "uuid": "eaecd0e4-4454-4928-a40c-7c804bdd22ba",
            "value": "3f1042871ff99cd411f1d359d9809e1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347422",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a22c07a9-2bda-4991-a1c5-2b20e6dc1a72",
            "value": "b5931a99036a9a874cb917b6992e7c4510f063c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347422",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a8d09d0a-0996-4423-88c7-30ae14993723",
            "value": "62356511f895285894bec6a7ae03ebf8675898e6ea6e1602fed3fec47dec3faf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346816",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d96fc0c2-def5-4e47-a78a-ba63a66ca4ba",
            "value": "3072:oesILNoq6TUxmE57VwFifBlKoxcvB5LGlIcoRffWCdcEE/yeO9/emYcS2MxXmPZn:0Mii77VYifBIlGMpfrWFDOscSFxXmJP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346816",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "078cf29c-36ad-4db9-a267-24aa51549955",
            "value": "173438"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346816",
            "to_ids": true,
            "type": "filename",
            "uuid": "2aaf1e62-ee19-42a2-a01a-6a7555e9a15f",
            "value": "ak.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346816",
            "to_ids": false,
            "type": "text",
            "uuid": "b2d3fa35-5163-45d9-ba4a-56f358c71998",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:8/57\nFirst Submission:2019-03-06T15:18:51.000000+00:00\nLast Submission:2019-03-06T15:18:51.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347952",
        "uuid": "12dd7a36-4b22-4e60-a334-8399b0779f6a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347952",
            "to_ids": true,
            "type": "md5",
            "uuid": "20b0cb2f-5a12-4e34-8eab-a624dd7e2eda",
            "value": "fffc8515c43d6f1d8684b0b2228c5352",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347423",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7f4d7c0b-5bf4-4cda-a85a-7d9a52ab5294",
            "value": "e355b51cf1b98c5d9513ff0752b59e8ab09e93d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347423",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cc5cb49a-e80f-41d6-b40e-5e57977d99c2",
            "value": "42a620acba8f9bb9c32305dd0c5cf5fe543a4e44d287ad5c1852cd4e6c448517",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346838",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "01dc8550-dc81-4435-9115-58fcf2981cea",
            "value": "768:zVJYA5FWw8etCYXmv+X9rTT1asofyNoDwTpzy6gK5PD:ZwTuZXrabqNqWt/PD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346838",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ab9e647f-ad95-445d-9529-34fdabdfe082",
            "value": "35942"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346838",
            "to_ids": true,
            "type": "filename",
            "uuid": "69003450-e7d1-440b-bfab-aad692916270",
            "value": "config.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  10/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346838",
            "to_ids": false,
            "type": "text",
            "uuid": "c569e0b2-07a9-4bbf-9c1f-fbb3273011f0",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:0/58\nFirst Submission:2019-03-06T15:18:54.000000+00:00\nLast Submission:2020-09-23T18:07:24.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347974",
        "uuid": "d2826a8e-2790-4f1a-98e9-3790af93d3df",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Main script that is executed after the archive is extracted. It is responsible for decrypting the component files and installing the backdoor malware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347974",
            "to_ids": true,
            "type": "md5",
            "uuid": "f98b8140-eb08-4a8c-89d3-2d03aa4746bb",
            "value": "f168cb2cb3b712a61a2e6ddc51c87ddd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main script that is executed after the archive is extracted. It is responsible for decrypting the component files and installing the backdoor malware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347424",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d85d79d4-4c04-419a-9efd-f54626ee0403",
            "value": "552c69ab13fbc4ed770b4bed69474fbf32ba6f4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Main script that is executed after the archive is extracted. It is responsible for decrypting the component files and installing the backdoor malware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347424",
            "to_ids": true,
            "type": "sha256",
            "uuid": "076687f5-0ce7-4beb-bdcd-46d7aae39e72",
            "value": "cb7bb7d091e9a7e5795889025a67abfa5762fc1243aff87d8217b3569e14aa04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346860",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff2dc726-00a9-4d11-81bf-2381aa36a3d4",
            "value": "384:qOS+IWpT8Uuv67Im7EXMs2e7EMsh7YMscMsocYj5GUvHdQRg9:q08Uuy7I/SSQNg9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346860",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "443d3f45-db8d-49cd-a997-ed7c9616999d",
            "value": "35444"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772346860",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dff613a8-3a16-4765-b23f-6bb77d0f650d",
            "value": "b6c446176ee4467f83a207c0a6b133ba"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346860",
            "to_ids": true,
            "type": "filename",
            "uuid": "7543a988-027a-4d0a-9bcc-8602d0cb3f1f",
            "value": "restart.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346860",
            "to_ids": false,
            "type": "text",
            "uuid": "7ada9802-2668-4198-a75b-ecb1d45359db",
            "value": "Main script that will be executed after extraction of archive. This is responsible for decrypting the component files and installing the backdoor malware\r\nType Description: Powershell\nMicrosoft: Trojan:Win32/Powersploit!ml\nVT Total Detection:17/58\nFirst Submission:2019-07-26T05:53:19.000000+00:00\nLast Submission:2019-07-26T05:53:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772347995",
        "uuid": "b38c16b0-1a02-4d95-bb14-9615569dfc0f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772347995",
            "to_ids": true,
            "type": "md5",
            "uuid": "a3868c25-8468-4a9f-9852-cd8637521ceb",
            "value": "6d15c2b26348a1ddb243db3919e83251",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347425",
            "to_ids": true,
            "type": "sha1",
            "uuid": "09bb425f-71b5-4ee6-a87b-5f762f11610d",
            "value": "7da837d644123e3547464273756800f22b0ed034",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347426",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4710a1d3-a3ec-4e97-9ccb-599e6b2f164a",
            "value": "a556d0bd92bccc61235e85320a37af9bc2eae2293146538e270fd4431d12e893",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346925",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "24bc85ff-42fb-4a26-ae33-112cdeb04531",
            "value": "12288:PxyvQ0gIhmmWVJIj/iDCOSitu8BN7hnjbRh+sR9WxQT80Qic8lT93C+rOtQA5:PxcJWGVEb1WxEiS+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346925",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3f026c71-6dc2-442a-9c9d-e46538248b1c",
            "value": "669742"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346925",
            "to_ids": true,
            "type": "filename",
            "uuid": "f3ace278-9bdb-4e28-bc37-6c178e23faeb",
            "value": "log_986225.log"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  10/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346925",
            "to_ids": false,
            "type": "text",
            "uuid": "dcd104b1-0dca-4cda-9f67-2e3a08bef581",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:0/57\nFirst Submission:2019-03-06T15:18:34.000000+00:00\nLast Submission:2020-09-23T18:07:21.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348017",
        "uuid": "eb3c8226-6e5a-4c27-80cc-93d2909bc97c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348017",
            "to_ids": true,
            "type": "md5",
            "uuid": "5681fbc5-96c3-4edd-8c75-6dd5cfe38831",
            "value": "0d269af24e85cda27bfd3f37c1f1adf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347428",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5d72fe69-311b-4e0b-bb0e-4c7ddb50534e",
            "value": "1885f2a4a58fb77c49763e09189aa3c1ec4eaa27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347428",
            "to_ids": true,
            "type": "sha256",
            "uuid": "828bb6da-a0d2-47dd-baea-4274b66ad96d",
            "value": "707accb70bc730e44437b7ea4deef6daa37ad88d3195eceea25bb7bbda85f60e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346946",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1ed09168-1506-456f-b3cb-177782dfaf38",
            "value": "1536:0fEEYJzzw/tZBCsI7ZsGqmOSUlP2RP6rsKGG913:9E+wFCsINLOSU12RPHU9d"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346946",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2a464bff-0e55-4c99-a92e-f13f21420318",
            "value": "60182"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346946",
            "to_ids": true,
            "type": "filename",
            "uuid": "b17e7f6c-3577-4022-a6ec-9edf656d5a60",
            "value": "rfxvmt64.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  10/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346946",
            "to_ids": false,
            "type": "text",
            "uuid": "6c8bc541-f4d0-46b8-aa4a-68d37103bbbf",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:0/58\nFirst Submission:2019-03-06T15:18:25.000000+00:00\nLast Submission:2020-09-23T18:07:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348038",
        "uuid": "ab99ed35-d7bd-474e-b710-f048cd3aaea4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348038",
            "to_ids": true,
            "type": "md5",
            "uuid": "2eee8082-22c7-4c08-accd-34f9b1828a62",
            "value": "13e6212cc43f811dc431a1fa95b8f1e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347429",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4fb03593-ae84-4008-b780-d456b7255b37",
            "value": "e774f3e8379615eaffb7c998c743ec119aa7b481",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347429",
            "to_ids": true,
            "type": "sha256",
            "uuid": "88195525-ca04-45a6-82f5-52d9c640bf12",
            "value": "3a043ddbdc3815927ab13cd2e462700a333b8bd23dd8bfdca678d44b8d5c6dd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772346989",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1fed2397-fedf-49f7-bf33-017d6b9567c0",
            "value": "3072:tVA9wrA+3yf8d2/oJHZKp7T6hHhH6pcvdv40cQ+FLl+whHA2VU:tgwUoyE28ZK7T6KKK0yFLTHA2VU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772346989",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18e434df-70dd-40f7-9bf5-e00c65700378",
            "value": "187758"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772346989",
            "to_ids": true,
            "type": "filename",
            "uuid": "534f56a4-b994-4343-99c9-36c7fa8de691",
            "value": "termsvc.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772346989",
            "to_ids": false,
            "type": "text",
            "uuid": "8863ddd7-2ddc-4064-94ee-5a4b5d5498e3",
            "value": "Type Description: unknown\nMicrosoft: None\nVT Total Detection:7/57\nFirst Submission:2020-03-02T12:05:43.000000+00:00\nLast Submission:2020-03-02T12:05:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348059",
        "uuid": "f14156b4-984b-4bed-989c-712ce2ff79c9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "UAC bypass binary",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348059",
            "to_ids": true,
            "type": "md5",
            "uuid": "d3a90cc4-1bfd-4f80-8010-7a40cb599c26",
            "value": "2d24a3cb0fc1e160bb1eec4ff511074c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "UAC bypass binary",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347430",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e849d417-0189-4e3d-9b20-61bf3983a681",
            "value": "3192ad3118b8c1eb5ee46764920a7d9120ca02e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "UAC bypass binary",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347430",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c684a8f3-1fec-4521-bf07-cdb2037228f5",
            "value": "204363882eeeb751348863fbd141fad3eb8362f98f9e55211528ae238b2efe28",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347011",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "142f8870-242c-4f50-941c-81c11aa37f87",
            "value": "3072:5TwMAymxxmABmaNoa2FZE7xFnvxH1r9yOIbkeHGCEsomU:5T53mxAs12FYFNIbk/CEsB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347011",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d3bd76db-cfb1-41a0-9efa-d1ec5b8fdc37",
            "value": "122368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347011",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d6e8a2a3-b574-4bb7-96db-2b5525e079d2",
            "value": "01503e0f7d101013z11z43z11z1015z13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347011",
            "to_ids": true,
            "type": "filename",
            "uuid": "13a52076-5ce3-4568-aadf-5e3e5972fb3a",
            "value": "update.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  25/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347011",
            "to_ids": false,
            "type": "text",
            "uuid": "2d0cab73-ade2-4b3e-9f8e-d12b737f53dc",
            "value": "UAC bypass binary\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win32/Yoasimee.A\nVT Total Detection:53/73\nFirst Submission:2019-06-25T06:41:41.000000+00:00\nLast Submission:2019-06-25T06:41:41.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348081",
        "uuid": "ec8c015d-23d6-4575-8090-3a8ad82eb12a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "64-bit version of ak.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348081",
            "to_ids": true,
            "type": "md5",
            "uuid": "7a4091d8-d5ae-4bd4-863e-d35e169a9314",
            "value": "b265ebf661f21f6d7b72cf00bcb80006",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "64-bit version of ak.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347431",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9ec74a12-2877-405e-b1b9-b1289625ed71",
            "value": "61a6b265bc612d97589dddd65e8d31cc9f0625ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "64-bit version of ak.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347431",
            "to_ids": true,
            "type": "sha256",
            "uuid": "562b9751-e3bb-4a11-8fc8-ea56a0300464",
            "value": "7ae651891f41b5255c4c999d7646500e9a3a5a4cf808e582eb4365e1dfb5b17b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347033",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b4cdda0f-9407-4116-810f-5fa2716b0b1e",
            "value": "1536:kum4dl+yAcpNYoPsaWiD8kMTN0VAAOWJHAIxAxA:Rmkl0uYoFWXxN4ATWJHzp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347033",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a066dbe-cf58-4eaa-b40e-b9d2ea60ae3d",
            "value": "77824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347033",
            "to_ids": true,
            "type": "vhash",
            "uuid": "68631c12-0fff-409f-93af-8c7ed53ff90d",
            "value": "07403e0f7d101013z11z43z11z1015z13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347033",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f882190-18b5-464f-8f8f-70b88505b4c8",
            "value": "update.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  28/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347033",
            "to_ids": false,
            "type": "text",
            "uuid": "6d51025a-7841-420b-87ff-75714a0a4fc7",
            "value": "64-bit version of ak.bin\r\nType Description: Win32 EXE\nMicrosoft: HackTool:Win32/Yoasimee.A\nVT Total Detection:54/73\nFirst Submission:2019-03-08T12:57:59.000000+00:00\nLast Submission:2019-03-08T12:57:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348102",
        "uuid": "ee8f82f1-3982-4cbf-93d4-5ba030a9887e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "RDP config",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348102",
            "to_ids": true,
            "type": "md5",
            "uuid": "08158e93-7a99-42ec-996d-73cc962255b8",
            "value": "3375a5e55fa0228689c8946d7ff5016b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RDP config",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347433",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dc18ea0c-eabb-4214-b3f3-c2b698761491",
            "value": "91c24a33a616168604645aacc01f32c9beac92aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "RDP config",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347433",
            "to_ids": true,
            "type": "sha256",
            "uuid": "07203503-82a7-4c58-b34c-c6de9b6e587a",
            "value": "774665a18d2c57214869068da9108bb36d2ad0203d5b65c832ced1b150fdfb79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347055",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f5bbb3c3-2313-477c-bc86-505f8a10b389",
            "value": "768:1UzQVQv5ypBfbQnxJyMFdlx8Rr/d6gl/+f8jZ0fLw7tL+2b0ZEETAPv95LIvuthv:vCEETCv95LIvuthtO9Oec+E"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347055",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b045cd38-a7fd-4647-8b82-1517b519e0c4",
            "value": "136444"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347055",
            "to_ids": true,
            "type": "filename",
            "uuid": "bf120a16-6088-4156-9909-43ddfcd389ec",
            "value": "netconwiz.ini"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  10/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347055",
            "to_ids": false,
            "type": "text",
            "uuid": "9ec15d12-2126-47b4-adf7-85d84a7b0c26",
            "value": "RDP config\r\nType Description: Text\nNoneMicrosoft: None\nVT Total Detection:0/55\nFirst Submission:2019-04-01T20:22:52.000000+00:00\nLast Submission:2019-04-01T20:22:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348123",
        "uuid": "7d444d8a-fa2f-493e-977f-863729755247",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348123",
            "to_ids": true,
            "type": "md5",
            "uuid": "8ff8912d-7b02-4f88-b3b0-27eca451dfee",
            "value": "91b1d09f8303d0a090f0c88ce9d36c7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347434",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c75df15c-7b55-4216-b369-ad65feb16468",
            "value": "fd4552e078bcae7134a3008d3b342011d835b007",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347434",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1ba0009-a608-4035-8dc3-e5bf8d5bf69a",
            "value": "da7ac4bcc463f64a37b03088a8f7c3d07fb60488d21068695182d070b8f52cbf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347077",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c83e4059-374a-4579-89d8-f4e7c99d482f",
            "value": "24576:iKpzQQHBEhhRTiXi5fNUEgHArDNFNAqo+6ZCP:HzQ0EiXiPUESA3NS+62"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347077",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0882d716-3b98-4932-bf27-71ff1d67714b",
            "value": "990720"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347077",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fee22566-0cc4-4b5a-a540-7e9b6a3f9942",
            "value": "19503e0f7d5019z301013z1015z13z101cz5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347077",
            "to_ids": true,
            "type": "filename",
            "uuid": "1a57a82d-eca3-469c-a231-93e32ec9de74",
            "value": "gkjsuur fafa"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  25/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347077",
            "to_ids": false,
            "type": "text",
            "uuid": "f5060aeb-be2b-412c-bd24-b0d6b1bb8d49",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:51/73\nFirst Submission:2019-04-09T13:41:32.000000+00:00\nLast Submission:2019-04-09T13:41:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348144",
        "uuid": "2cce1425-343e-49cc-81dc-31f693527163",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rdpclip.exe (RDP Clipboard Monitor)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348144",
            "to_ids": true,
            "type": "md5",
            "uuid": "fbbceea1-8d03-4819-b07d-af29e5853930",
            "value": "1690e3004f712c75a2c9ff6bcde49461",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rdpclip.exe (RDP Clipboard Monitor)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347435",
            "to_ids": true,
            "type": "sha1",
            "uuid": "80c39373-ad5d-4f0e-b594-59feadcee858",
            "value": "306498e9a9f1c6b2813dad7cdcd8433139201794",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rdpclip.exe (RDP Clipboard Monitor)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347435",
            "to_ids": true,
            "type": "sha256",
            "uuid": "19f3741e-feda-4364-8cc5-07fe1c036e29",
            "value": "10675ecac736bf3fa5175330ef22d3f1e252a698072c58cba3de0a208e751fb2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347120",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6342f37a-7d7b-45a4-86c3-cb8289a0f485",
            "value": "12288:gchwbB56CegxMQkCUWtz4vlMqTLMCPSZ4jxALjK+5zBQ:ZwbB56MxMQkCUWtz4vlMqHtDjxALz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347120",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39228353-eda5-4033-aeb7-387acf5e156a",
            "value": "417280"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347120",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ec2ded28-7f30-4d4c-8ae8-37d4536af0ec",
            "value": "045066655d15551551a3z11600602d1z91z93zc1z42z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347120",
            "to_ids": true,
            "type": "filename",
            "uuid": "341d766b-2749-4eb3-a0a5-be40682457ea",
            "value": "rdpclip.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  11/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347120",
            "to_ids": false,
            "type": "text",
            "uuid": "122e2d6e-14f7-45f3-9490-0edfd4d8e128",
            "value": "Legitimate Microsoft binary - rdpclip.exe (RDP Clipboard Monitor)\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:0/71\nFirst Submission:2018-04-21T09:12:46.000000+00:00\nLast Submission:2025-09-14T23:46:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348166",
        "uuid": "c6060a8d-38ad-4333-8dcc-35d66baf60e2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rfxvmt.dll (Microsoft RemoteFX VM Transport)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348166",
            "to_ids": true,
            "type": "md5",
            "uuid": "da134787-b904-47e6-a906-216569b59bf1",
            "value": "e3e4492e2c871f65b5cea8f1a14164e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rfxvmt.dll (Microsoft RemoteFX VM Transport)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347436",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f6607706-a14f-40f7-b1be-c42208f95521",
            "value": "81d4ad81a92177c2116c5589609a9a08a5ccd0f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Microsoft binary - rfxvmt.dll (Microsoft RemoteFX VM Transport)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347436",
            "to_ids": true,
            "type": "sha256",
            "uuid": "75316778-0969-4551-9ded-f958d699651d",
            "value": "32ff81be7818fa7140817fa0bc856975ae9fcb324a081d0e0560d7b5b87efb30",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347142",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fafdad6c-c668-460e-9d55-5f29f97af259",
            "value": "768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347142",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b43f94eb-74cb-4579-a479-e73937bfa564",
            "value": "37376"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347142",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84752b8f-2a3d-47b7-ac30-3a7423b5f08f",
            "value": "134066655d1515151dzf1z3xz15"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347142",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f1e2a08-9c43-44c0-ba9a-9558f8f06ef7",
            "value": "rfxvmt.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  13/12/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347142",
            "to_ids": false,
            "type": "text",
            "uuid": "f32a590b-e831-4bb5-b09e-08a108d87a3f",
            "value": "Legitimate Microsoft binary - rfxvmt.dll (Microsoft RemoteFX VM Transport)\r\nType Description: Win32 DLL\nFile distributed by: ['Microsoft']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['rfxvmt.dll']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2017-03-21T08:42:13.000000+00:00\nLast Submission:2026-02-08T10:12:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348187",
        "uuid": "020cca0a-9a3d-46ec-aed6-e0d7cf779a82",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348187",
            "to_ids": true,
            "type": "md5",
            "uuid": "058c5737-6c2a-4566-8c75-711ddacb87c4",
            "value": "930496d2d14bea80f3310660fcea48a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347437",
            "to_ids": true,
            "type": "sha1",
            "uuid": "75527557-1c6f-4195-85f0-a46b6c5ccd97",
            "value": "34dd125d42fdb33d2108896ff276cbfe71154cca",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347437",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e11bc6f5-61fc-4d7d-a718-3e8265a4b038",
            "value": "a315c03710c456a61f1720719045ebcdf081b8a5a002a1b82bbb3576bc0e8760",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347164",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8a9e4270-fd6d-4cde-a844-cc26437c133f",
            "value": "3072:zDzN9W0ZFyJTVTVOucHJSdMqcrb7/JkOWWiH+CCYDbw:PzNkGWTLiodMqcrb7/OOevjb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347164",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "059b105b-8f20-4bca-8e1a-ab1a5f408b4d",
            "value": "123904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347164",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9729147-4bf0-4619-93d6-85c9416d9e5d",
            "value": "115066651d1555155az4enz1ez2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347164",
            "to_ids": true,
            "type": "filename",
            "uuid": "e76882e1-1d35-4bdd-a84d-0686e97d6529",
            "value": "termsvc.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  07/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347164",
            "to_ids": false,
            "type": "text",
            "uuid": "d3568c8a-35a5-4384-8ed5-3183aaecfe4f",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:52/72\nFirst Submission:2019-03-16T21:20:15.000000+00:00\nLast Submission:2023-01-30T16:21:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1772348208",
        "uuid": "dd4f4b64-554a-4adc-b3db-f50443b70094",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "64-bit version of termsvc.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1772348208",
            "to_ids": true,
            "type": "md5",
            "uuid": "ba00a386-2c09-441e-91c7-7b50bb1fd0a7",
            "value": "c8015b6ac62af90cc3d6729f947af2dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "64-bit version of termsvc.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1772347438",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f9e12729-2f4e-4204-9388-50007ea2a398",
            "value": "8ffe80190f7662422bf6c5736a01ea26880b74a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "64-bit version of termsvc.bin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1772347439",
            "to_ids": true,
            "type": "sha256",
            "uuid": "45c2c833-3bbe-4a9a-bf53-bbd44d358ef5",
            "value": "d8d59374d56a1247ea322faf5adcbcb42aa2a2f8f770605adc59d00c8f8b5754",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1772347185",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2172df8c-9565-49f5-92bd-2c5aa03cd11f",
            "value": "1536:kTkbPc/WGiuW5ZgfEXCQMBSz/c+AsWjcduX+NU3E5rVn9JD:kwb4pinmf/ERvuX+NU3ENVnT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1772347185",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8000d556-b675-4092-baef-db6f63f0799a",
            "value": "103936"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1772347185",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8de370cf-e863-4430-8d99-1d8703c278d5",
            "value": "115056655d15156az4anz1ez2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1772347185",
            "to_ids": true,
            "type": "filename",
            "uuid": "85cba5a7-6d9e-4588-acb1-4207dfcdea43",
            "value": "termsvc.dll.18.dr"
          },
          {
            "category": "Other",
            "comment": "Checked: 01/03/2026\nLast-scan\t:  06/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1772347185",
            "to_ids": false,
            "type": "text",
            "uuid": "62709017-271f-4ec4-bea0-ff696e9a0b17",
            "value": "64-bit version of termsvc.bin\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:51/72\nFirst Submission:2019-03-31T15:16:00.000000+00:00\nLast Submission:2019-04-01T20:20:57.000000+00:00"
          }
        ]
      }
    ]
  }
}