{ "Event": { "analysis": "1", "date": "2024-05-19", "extends_uuid": "", "info": "[Threat Intel] A Tale of Two Industroyers: It was the Season of Darkness", "protected": false, "publish_timestamp": "1772407385", "published": true, "threat_level_id": "2", "timestamp": "1772407382", "uuid": "f1baddf0-90de-4137-99e4-e338c24807a3", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"INDUSTROYER2\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Industroyer\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-ics-software=\"Industroyer\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#190061", "local": false, "name": "rectifyq:topic=\"ics-ot\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#55acee", "local": false, "name": "rectifyq:MY-relevancy=\"potentially-relevant\"", "relationship_type": "" }, { "colour": "#f63636", "local": false, "name": "ICS-specific", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:sector=\"Industrial\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772360356", "to_ids": false, "type": "link", "uuid": "e0a208fe-d46d-4672-8a04-2296f9be0582", "value": "https://ieeexplore.ieee.org/abstract/document/10646775" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1772360356", "to_ids": false, "type": "link", "uuid": "6a46c926-e603-4f07-9f92-8018aac67def", "value": "https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10646775" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367811", "uuid": "19465f6e-6dde-4fc3-b23d-ae2aedc7c165", "Attribute": [ { "category": "Payload delivery", "comment": "101.dll", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367811", "to_ids": true, "type": "md5", "uuid": "735c3e02-cc6d-455e-a905-d32958ef6951", "value": "9e7c180a5167a7c4ec64e0ff9b4e5a6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "101.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367632", "to_ids": true, "type": "sha1", "uuid": "44683eca-3b5b-40eb-ad09-4026f09c4d67", "value": "2c6322ac3191bb4a7da7d2787451868cdc0e4c35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "101.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367632", "to_ids": true, "type": "sha256", "uuid": "366a6fa3-a5c5-4305-a2e9-9a591c2f270e", "value": "a319551ef72492b3cd489de676b2f6e7938a5ef23e572d36dd742b599686caac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364070", "to_ids": true, "type": "ssdeep", "uuid": "15bd84db-0f58-4036-9593-2a603d195f2b", "value": "3072:Sxjy9EFCQC2mCN4DBVPMoqlJayHtpL+Xq5rKy6dUwSAg0Fujof/1a1wqh12E:SOE4z0qmtp71AOaupf2E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364070", "to_ids": false, "type": "size-in-bytes", "uuid": "45448be8-6aa6-4579-bdb8-3be253c78e4f", "value": "229888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364070", "to_ids": true, "type": "vhash", "uuid": "0865e79f-4320-47df-bef4-005fdc99bd9a", "value": "125076655d151d15556az58?z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364070", "to_ids": true, "type": "filename", "uuid": "56a933a9-075c-46f9-94b3-6a73d04f7ed9", "value": "101.dll" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 28/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364070", "to_ids": false, "type": "text", "uuid": "11186c45-a938-4cd5-a6e4-a54a36cb7541", "value": "101.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CrashOverride!rfn\nVT Total Detection:49/72\nFirst Submission:2020-03-07T23:00:16.000000+00:00\nLast Submission:2026-02-28T06:57:21.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367832", "uuid": "81432851-672c-40a4-be0c-4ae77a87e3d7", "Attribute": [ { "category": "Payload delivery", "comment": "104.dll", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367832", "to_ids": true, "type": "md5", "uuid": "7b2e6e1b-d469-4a5a-bff3-60f9c6147566", "value": "a193184e61e34e2bc36289deaafdec37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "104.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367633", "to_ids": true, "type": "sha1", "uuid": "9b33322a-ec22-47d7-b2d8-fee246775027", "value": "94488f214b165512d2fc0438a581f5c9e3bd4d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "104.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367633", "to_ids": true, "type": "sha256", "uuid": "73b9ff9e-9b2e-47e6-815f-21e14b9247f3", "value": "7907dd95c1d36cf3dc842a1bd804f0db511a0f68f4b3d382c23a3c974a383cad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364092", "to_ids": true, "type": "ssdeep", "uuid": "9c25fc25-4538-47f3-86e1-bd65df0a7888", "value": "3072:McaprOfoaXmgD31r4VWBvRZoiTprUZNZ9VQ6s6W9:McuOJ2gD31QW51pgE6st9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364092", "to_ids": false, "type": "size-in-bytes", "uuid": "10433de6-f9f1-4b5d-9012-8f38d7239c33", "value": "136704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364092", "to_ids": true, "type": "vhash", "uuid": "38621112-bfdc-409a-a8f1-a6e5fc4554f1", "value": "115066655d1515556az4dvza6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364092", "to_ids": true, "type": "filename", "uuid": "d2f4ee4c-318a-40ee-bb4e-0b6c2c99de55", "value": "fxrhgtw.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 24/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364092", "to_ids": false, "type": "text", "uuid": "12cfbcad-311f-4209-b1b2-58d16b5558ae", "value": "104.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CrashOverride.A\nVT Total Detection:57/72\nFirst Submission:2016-12-19T10:06:04.000000+00:00\nLast Submission:2026-02-28T06:57:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367854", "uuid": "e68643f3-bb3d-4637-9332-005c44828014", "Attribute": [ { "category": "Payload delivery", "comment": "61850.dll", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367854", "to_ids": true, "type": "md5", "uuid": "81d824b4-05d6-40cb-8405-c6122b9b205e", "value": "f73188706e0bdc1877ad77eb723c2eba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "61850.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367634", "to_ids": true, "type": "sha1", "uuid": "548604bb-ef4d-4263-b6e2-04bb00a8aeb2", "value": "8a638f7b653bb368df1c21f16a908fc80fd01a49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "61850.dll", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367635", "to_ids": true, "type": "sha256", "uuid": "a82664e4-b374-49bd-9cc4-37f4d52eb0fe", "value": "4e7d2b269088c1575a31668d86de95fd3dde6caa88051d7ec110f7f150058789", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364114", "to_ids": true, "type": "ssdeep", "uuid": "f634dea5-e7a9-4a20-a533-63fbc9d60eb6", "value": "3072:vd9844Uv3H4giLZQQd1VbsmlAg0FujUQ8azV:lr3H4hLL/lAOZzV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364114", "to_ids": false, "type": "size-in-bytes", "uuid": "1d24f559-0312-4c1d-87d1-dcce0d53e943", "value": "136192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364114", "to_ids": true, "type": "vhash", "uuid": "2b2710fb-8043-4cea-817a-f5a0b4742ffe", "value": "115076655d151d15556az4bnz15zf6z1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364114", "to_ids": true, "type": "filename", "uuid": "aec9057b-a155-4919-9fab-a6165f12b6d9", "value": "ph80unzx.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 28/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364114", "to_ids": false, "type": "text", "uuid": "5eb15da5-585f-4da3-803e-b9bf210bac52", "value": "61850.dll\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/CrashOverride!dha\nVT Total Detection:48/72\nFirst Submission:2020-03-07T23:02:17.000000+00:00\nLast Submission:2026-02-28T06:55:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367875", "uuid": "e95ec569-ec2f-430f-a68f-6274e62e38b3", "Attribute": [ { "category": "Payload delivery", "comment": "haslo.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367875", "to_ids": true, "type": "md5", "uuid": "8b806760-2722-4f5f-8d27-d5f94c204183", "value": "7a7ace486dbb046f588331a08e869d58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "haslo.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367635", "to_ids": true, "type": "sha1", "uuid": "ae7f6a02-7294-47fb-bfa6-a0904984044f", "value": "b92149f046f00bb69de329b8457d32c24726ee00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "haslo.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367635", "to_ids": true, "type": "sha256", "uuid": "317525ee-8728-45fd-a862-58fb0a54f3a4", "value": "ad23c7930dae02de1ea3c6836091b5fb3c62a89bf2bcfb83b4b39ede15904910", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364136", "to_ids": true, "type": "ssdeep", "uuid": "0a1b1bdf-d57f-4017-9d45-c144ae49362a", "value": "1536:txjX3k9R4Bdde5eFN73+WmS3UJ64b69AQJRCsWmcd2jjGVjpU:jddewFVO1S3I64LwRg2jjGJK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364136", "to_ids": false, "type": "size-in-bytes", "uuid": "67cf2486-2c82-4f58-a456-0eb84b816aaf", "value": "76800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364136", "to_ids": true, "type": "vhash", "uuid": "0f61d546-d9a2-432f-a631-a2dcc4d59b0f", "value": "074066655d1515556048z49bz15z21z1ez1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364136", "to_ids": true, "type": "filename", "uuid": "b9805c1b-29ee-4a69-bd7d-c738f34c3ae2", "value": "625yo1.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 15/09/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364136", "to_ids": false, "type": "text", "uuid": "bc9c2780-69c0-4210-bbc4-ccab86863b64", "value": "haslo.exe\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.A!dha\nVT Total Detection:65/72\nFirst Submission:2016-12-19T09:58:43.000000+00:00\nLast Submission:2023-06-19T08:39:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367896", "uuid": "ffd4b3e4-67e7-44d4-8df9-07d12c7cb117", "Attribute": [ { "category": "Payload delivery", "comment": "opc.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367896", "to_ids": true, "type": "md5", "uuid": "0b449504-db0e-4f84-a9ba-25a20d580f34", "value": "36997bdef02b63d411d0bea0335c6899", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "opc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367636", "to_ids": true, "type": "sha1", "uuid": "ff71ac53-a5ed-48ff-9a54-892447a3198d", "value": "7fac2eddf22ff692e1b4e7f99910e5dbb51295e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "opc.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367637", "to_ids": true, "type": "sha256", "uuid": "289ff7a5-e85d-4032-8639-1e13b6efd5fe", "value": "156bd34d713d0c8419a5da040b3c2dd48c4c6b00d8a47698e412db16b1ffac0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364157", "to_ids": true, "type": "ssdeep", "uuid": "41b6aef5-4280-4dbf-b5a1-e5f38f01fb42", "value": "3072:HM35lWVEFFaup+juJH6RVVVYBTOr83GqK8vbxU+HvaAg0FujoYVzYSwn:s35Q+FFhp+eaj7Y4rXayAOASw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364157", "to_ids": false, "type": "size-in-bytes", "uuid": "33b60fd0-5fee-4dbb-ac99-283270eeb6ab", "value": "245248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364157", "to_ids": true, "type": "vhash", "uuid": "d141845b-75d3-4256-b7ad-ed4bdbed72fd", "value": "025066655d1d15556028z537z802tz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364158", "to_ids": true, "type": "filename", "uuid": "2e82d70c-300c-477b-96b8-49c60b3904b0", "value": "3A586EB6.vsc" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 25/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364158", "to_ids": false, "type": "text", "uuid": "0cd50762-2847-4269-9a91-c6d45b3244eb", "value": "opc.exe\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride!dha\nVT Total Detection:50/72\nFirst Submission:2019-03-05T15:55:44.000000+00:00\nLast Submission:2026-02-28T06:56:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367917", "uuid": "d5d72582-e661-410a-b8fb-18ae618210c8", "Attribute": [ { "category": "Payload delivery", "comment": "svchost.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367917", "to_ids": true, "type": "md5", "uuid": "4a5a6d8f-6ae4-4df3-9f7a-ff8bf33bf9eb", "value": "53dc3a7cc1f604d7f97d226af60af842", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "svchost.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367637", "to_ids": true, "type": "sha1", "uuid": "5e9123fe-196b-4b69-bcc3-9fb65fd5a4e9", "value": "4c070cdc760b8ef551768af820582a49da1ec0b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "svchost.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367637", "to_ids": true, "type": "sha256", "uuid": "2c538d60-981a-4e7a-88d7-76be611dfdec", "value": "7cc9ac6383437dd96161b93b017500a22a2c8d05f58778b9b9fce8ea73304546", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364179", "to_ids": true, "type": "ssdeep", "uuid": "67a3fcdf-25a9-4e86-87c3-15074bc13f46", "value": "1536:aL3UkyqCJZnEmdQqj/WZW99aBUCv68QJnCsW1wnLcd2qhNs6Qaw:ZnEm62+499aSCtwvna2qhNsNT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364179", "to_ids": false, "type": "size-in-bytes", "uuid": "d548051e-e513-4920-b897-4a65212ec0a6", "value": "74240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364179", "to_ids": true, "type": "vhash", "uuid": "03746754-fba4-4370-b057-d35062dd5abe", "value": "074066655d1515556038z51hz1lz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364179", "to_ids": true, "type": "filename", "uuid": "7ce738e5-0968-413d-b4bf-57da813ce8e0", "value": "svchost.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 16/12/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364179", "to_ids": false, "type": "text", "uuid": "1079dc4b-7acb-4d59-991b-ff19116424c3", "value": "svchost.exe\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/CrashOverride.B!dha\nVT Total Detection:55/72\nFirst Submission:2020-05-25T18:36:09.000000+00:00\nLast Submission:2020-05-25T18:36:09.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1772367939", "uuid": "5401c7f6-bc50-4e8e-a87d-81d12b1feab3", "Attribute": [ { "category": "Payload delivery", "comment": "40_115.exe", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1772367939", "to_ids": true, "type": "md5", "uuid": "3fb50782-2252-477b-ab0f-6082f03aa9fc", "value": "7c05da2e4612fca213430b6c93e76b06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "40_115.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1772367639", "to_ids": true, "type": "sha1", "uuid": "fbec9870-e279-4aea-952f-8d8fbac7e717", "value": "fdeb96bc3d4ab32ef826e7e53f4fe1c72e580379", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "40_115.exe", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1772367639", "to_ids": true, "type": "sha256", "uuid": "fbb15b60-e0f1-429c-92d7-543275b92d49", "value": "d69665f56ddef7ad4e71971f06432e59f1510a7194386e5f0e8926aea7b88e00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1772364201", "to_ids": true, "type": "ssdeep", "uuid": "20bf9544-f86a-44ca-bad5-64583cb48f92", "value": "768:9kQ2SkG1EqihRWlG4ya6kcqCHfv3uWvzPMinhgaXj7:9jo9kc3einhgaXv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1772364201", "to_ids": false, "type": "size-in-bytes", "uuid": "36013095-d498-4893-a5d4-4d69fd013ee4", "value": "37888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1772364201", "to_ids": true, "type": "vhash", "uuid": "cb72d6b1-b0ec-41c4-b2b1-4e5266a67aa2", "value": "034046551d155az279z25z1039ze7z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1772364201", "to_ids": true, "type": "filename", "uuid": "332bafad-b7d8-481f-96f4-6d261384d636", "value": "d69665f56ddef7ad4e71971f06432e59f1510a7194386e5f0e8926aea7b88e00.exe" }, { "category": "Other", "comment": "Checked: 01/03/2026\nLast-scan\t: 26/02/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1772364201", "to_ids": false, "type": "text", "uuid": "5dcf707d-7203-40c8-8038-4e1c98337350", "value": "40_115.exe\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Znyonm!rfn\nVT Total Detection:45/72\nFirst Submission:2022-04-14T12:36:41.000000+00:00\nLast Submission:2025-12-15T13:19:45.000000+00:00" } ] } ] } }