{
  "Event": {
    "analysis": "1",
    "date": "2026-03-05",
    "extends_uuid": "",
    "info": "[Threat Intel] Iranian APT on Networks of U.S. Bank, Airport, Software Company",
    "protected": false,
    "publish_timestamp": "1776070485",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1773274389",
    "uuid": "fe3d8a75-2175-4215-b804-26c94b531ea3",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Symantec\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
        "relationship_type": ""
      },
      {
        "colour": "#6ef296",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Password Spraying - T1110.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d37d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#5884a7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#1faf16",
        "local": false,
        "name": "misp-galaxy:target-information=\"Canada\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Bank\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Civil Aviation\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"IT\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"MuddyWater\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Charming Kitten\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Stuxnet\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "link",
        "uuid": "35b6beeb-3cf0-4dce-811c-3352dd56099f",
        "value": "https://www.security.com/threat-intelligence/iran-cyber-threat-activity-us"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "text",
        "uuid": "494c6674-9c00-4062-bbe5-49c1f88c62e2",
        "value": "Iranian APT group Seedworm has been active on networks of multiple U.S. companies since February 2026, targeting a bank, airport, software company, and NGOs. The group deployed new backdoors named Dindoor and Fakeset, signed with certificates previously linked to Seedworm. The activity occurs amid escalating tensions between the U.S., Israel, and Iran. Seedworm, known for espionage and information gathering, has broadened its scope to target various sectors globally. The article discusses recent Iranian cyber activities, potential future threats, and provides recommendations for defenders to prepare against DDoS, credential attacks, leaks, critical infrastructure attacks, and destructive operations."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "text",
        "uuid": "0d6914ad-e6cd-4539-b782-222d8b028731",
        "value": "Name: Iranian APT on Networks of U.S. Bank, Airport, Software Company\nAuthor: AlienVault\nAdversary: Seedworm\nTags: [\"pdq\", \"critical infrastructure\", \"u.s. targets\", \"httpsnoop\", \"fakeset\", \"iranian apt\", \"espionage\", \"dindoor\", \"backdoor\", \"cyberattack\", \"bibiwiper\", \"darkcomp\", \"phoenix\", \"cve-2023-6895\", \"cve-2017-7921\", \"stagecomp\", \"ddos\", \"data exfiltration\", \"apt\", \"geopolitical conflict\"]\nTgtd countries: [\"United States of America\", \"Canada\", \"Israel\"]\nMlwr families: [\"Dindoor\", \"Fakeset\", \"Stagecomp\", \"Darkcomp\", \"Phoenix\", \"PDQ\", \"BibiWiper\", \"HTTPSnoop\"]\nAttack_ids: [\"T1133\", \"T1204.002\", \"T1566.002\", \"T1566.001\", \"T1190\", \"T1567\", \"T1110.003\", \"T1059\", \"T1204\", \"T1041\", \"T1059.001\", \"T1566\", \"T1110\", \"T1078\", \"T1027\", \"T1567.002\", \"T1059.006\", \"T1059.003\", \"T1027.002\", \"T1105\", \"T1204.001\"]\nIndustries: [\"Finance\", \"Defense\", \"Aerospace\", \"Government\", \"Transportation\", \"Technology\", \"Energy\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "8117e78c-ef17-41cb-8762-506288c19da7",
        "value": "Seedworm"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "110f90cb-9fce-436b-ab42-c0fc460a3ed5",
        "value": "CVE-2017-7921"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772852408",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "eee7f2d5-f21b-49e5-81ed-f96d94449b8c",
        "value": "CVE-2023-6895"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021508",
        "to_ids": true,
        "type": "sha256",
        "uuid": "db9709bd-386b-49a0-bbe9-8f12ffb72e6f",
        "value": "15061036c702ad92b56b35e42cf5dc334597e7311e98d2fdd3815a69ac3b1d84",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:09/03/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021508",
        "to_ids": true,
        "type": "sha256",
        "uuid": "af745552-1c5d-4837-9449-3814ebd8bf98",
        "value": "a5d4d6be3bfe0cba23fe6b44984b5fc9c7c7e10030be96120bb30da0f2545d4c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021561",
        "to_ids": true,
        "type": "domain",
        "uuid": "c93e21a3-5d0b-4983-9fbe-a56371c6c789",
        "value": "moonzonet.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021582",
        "to_ids": true,
        "type": "domain",
        "uuid": "0ecdf9e9-798a-406f-a4ec-91f8c8e294cc",
        "value": "serialmenot.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021603",
        "to_ids": true,
        "type": "domain",
        "uuid": "f1e80b44-fcbc-4fbd-a3db-94849ac7104d",
        "value": "uppdatefile.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021624",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e7f5e84b-d05e-4767-922a-d5687df05c37",
        "value": "gitempire.s3.us-east-005.backblazeb2.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1773021646",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e1926812-cb90-4e21-afc9-da9a46359025",
        "value": "elvenforest.s3.us-east-005.backblazeb2.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021667",
        "uuid": "bda715d6-9a54-4a6c-b1d2-953cbc85e3fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021667",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d960986-431e-4c91-8414-a65de720d0b2",
            "value": "29953b2e46aeaf0157d487c13c4a0643",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021481",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32bef915-1182-453a-b961-0e49693640b9",
            "value": "429efcf0370b53cc3c455b634dc066b1d08b568d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021482",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f68bfa78-b1ce-46ee-8b26-3863d70947ca",
            "value": "077ab28d66abdafad9f5411e18d26e87fe43da1410ee8fe846bd721ab0cb52de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019886",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9e73c9e-a0b6-48f9-b8ec-84e2d68e0368",
            "value": "1572864:tpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjO:tpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaum4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019886",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3c9731c8-acdb-4a1d-a43c-3067d0514613",
            "value": "75387632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019886",
            "to_ids": true,
            "type": "vhash",
            "uuid": "050fdb08-303b-4082-b7a7-f444d95ddb88",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019886",
            "to_ids": true,
            "type": "filename",
            "uuid": "d78e37cd-f9fc-41b8-af71-0ced0675a2e2",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019886",
            "to_ids": false,
            "type": "text",
            "uuid": "348e753d-1c2c-4b63-b368-6fd50c1b9388",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:23/70\nFirst Submission:2026-02-24T20:59:20.000000+00:00\nLast Submission:2026-03-02T12:27:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021689",
        "uuid": "bcc3c817-f456-4c9b-b70d-dae3bec515a7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021689",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4e58478-90ed-4a72-a57c-5fe6600305eb",
            "value": "439c0a0a46627bd166e08436f383ad56",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021483",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1e4ea0e6-6bb4-40f5-bee6-b4aa9ced7ce6",
            "value": "c16099c29ccdb34764e4d15b1dab2d141d159950",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021483",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0a7c5ae6-4c26-4086-a194-670e2d72fbea",
            "value": "24857fe82f454719cd18bcbe19b0cfa5387bee1022008b7f5f3a8be9f05e4d14",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019908",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f03b0698-682f-4100-8686-4d99e45a996f",
            "value": "3072:+LSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:+WVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019908",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4f821b5d-e156-49f5-a1c2-2664fe93f031",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019908",
            "to_ids": true,
            "type": "vhash",
            "uuid": "924e5236-dd00-46a4-8f30-a4c2b6a5b058",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019908",
            "to_ids": true,
            "type": "filename",
            "uuid": "b42f6e77-fc27-4535-8012-b0b72df56d98",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019908",
            "to_ids": false,
            "type": "text",
            "uuid": "7f80a5eb-ecf1-43c3-972b-d76bdd3f3cdb",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:35/72\nFirst Submission:2026-02-18T18:50:37.000000+00:00\nLast Submission:2026-03-03T06:26:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021710",
        "uuid": "e4e2b89a-e9b1-40a4-b4b6-109a71b68923",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021710",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1973286-b988-4ffc-a7df-ee08a5e91006",
            "value": "4860758863fd040a8c809ce53cb7fb37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021484",
            "to_ids": true,
            "type": "sha1",
            "uuid": "de08f4ff-a6bb-4ea3-b436-fb43ca4e2d54",
            "value": "fa49d1fd5a938b3de0840759db62867e6382cea1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021484",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9533de69-3d90-4475-b994-06d0640e4114",
            "value": "94f05495eb1b2ebe592481e01d3900615040aa02bd1807b705a50e45d7c53444",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019930",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9e7aadc1-6a00-4b36-bf57-3bccb19d7482",
            "value": "1572864:LPfZUrpoBrPO0+qPnsnaqQKomkK3OvM7x6ZnPGlBBp9nPxTuYyig0fjTJ:LPfCruBrP/x/YQXmoNNebb9x5ywj9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019930",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0256cf19-e5d8-47bf-8080-19904985b796",
            "value": "106536312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019930",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b8958a34-92b9-4784-9e68-1970dd5ce414",
            "value": "018056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019930",
            "to_ids": true,
            "type": "filename",
            "uuid": "294431a6-b5fd-47b0-9bf6-d5db9c2358a6",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019930",
            "to_ids": false,
            "type": "text",
            "uuid": "ab418421-05d8-4f12-ae4d-308436578a0b",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:18/70\nFirst Submission:2026-02-27T21:18:48.000000+00:00\nLast Submission:2026-03-06T06:58:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021731",
        "uuid": "bc0ae8a8-7008-4ec0-a3a4-7522adf6654e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021731",
            "to_ids": true,
            "type": "md5",
            "uuid": "192ae662-b110-441c-83cc-5f61467841b0",
            "value": "56a4b425aba37ef886bdfbd8343a1bd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021485",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a6adc70b-62b3-4b07-84e0-db9a12afd09d",
            "value": "3ab3fee4daac90bb7bee470b5b2de8ee0d6bec8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021486",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0e2846d8-89ff-4ec0-b5f3-5dcc98474804",
            "value": "4aef998e3b3f6ca21c78ed71732c9d2bdcc8a4e0284f51d7462c79d446fbc7be",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019951",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3fa25198-61e6-46c6-8648-52d114830f6e",
            "value": "1572864:3Zcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPV:3ZJFH3WninE81pfDoGGTJVYhv5qN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019951",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "91dfe8f8-b9c9-431b-8511-06230d0626b8",
            "value": "88529896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019951",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d1f0c489-3f8f-4c63-8ac5-2c9b27906954",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019951",
            "to_ids": true,
            "type": "filename",
            "uuid": "92d6ea4d-60c3-415a-a72d-3b80b46767e4",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019951",
            "to_ids": false,
            "type": "text",
            "uuid": "b53b7d6b-f433-4fba-a371-cae26a463fab",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:23/70\nFirst Submission:2026-02-26T13:17:17.000000+00:00\nLast Submission:2026-03-03T06:51:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021752",
        "uuid": "b828ff56-e137-45df-a89d-54dd0b45f5ed",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021752",
            "to_ids": true,
            "type": "md5",
            "uuid": "3c741175-b483-49dc-ba03-3c9265f1888d",
            "value": "591aae15106147bdb5bc7b26049b943f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021486",
            "to_ids": true,
            "type": "sha1",
            "uuid": "11ff1289-bd90-40e3-93a3-44958c52ca27",
            "value": "cecf87d582b4df4323eaef04c9a648d43325043a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021486",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d7457733-37f8-480a-a6b1-1a137722875f",
            "value": "ddceade244c636435f2444cd4c4d3dc161981f3af1f622c03442747ecef50888",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019973",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "17b7bd23-5619-4dac-831b-c455782b24e6",
            "value": "1572864:BZcy/5CmaOQKGk55K5QWn50nfM81pzdBfGuJQXGGTqK6eV1+Jd8Cv5qPZ:BZJFH3WninE81pfDoGGTJVYhv5qR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019973",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0e7e65b0-64ca-4f68-b550-ebb56175a00b",
            "value": "88529904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019973",
            "to_ids": true,
            "type": "vhash",
            "uuid": "84ba8773-eba8-47ab-bbb4-2cd998b2381e",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019973",
            "to_ids": true,
            "type": "filename",
            "uuid": "331f61ee-764d-42c0-b303-e6d39d23519c",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019973",
            "to_ids": false,
            "type": "text",
            "uuid": "5f6431a2-54b3-49b6-8203-ef8feef7d755",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:24/70\nFirst Submission:2026-02-23T21:22:46.000000+00:00\nLast Submission:2026-03-02T14:05:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021773",
        "uuid": "b97d7e68-d8e2-4689-847d-f6a66e87d6f8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021773",
            "to_ids": true,
            "type": "md5",
            "uuid": "05d15608-983a-498d-a05b-e6ce45ac6984",
            "value": "76c59282e44a461105dc5739a6ba7c33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021488",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9889b96d-b037-44ff-a074-84a441a6b155",
            "value": "7a8963d123918ca86727649492cd1ff4e020cb72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021488",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bf283e46-db7a-4a96-9779-d84a1b994e7d",
            "value": "64cf334716f15da1db7981fad6c81a640d94aa1d65391ef879f4b7b6edf6e7f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773019995",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff6d99ba-6f3c-41c9-855c-4abf5c25f5e2",
            "value": "1572864:S6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7RX:S6smSjdhbWzKxhsh1CvaeGNGGrxjXBNX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773019995",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9120d73e-5569-4433-9106-b90b9ece308a",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773019995",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ecdbbdc8-5c92-4145-aa5c-9754abe49b3c",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773019995",
            "to_ids": true,
            "type": "filename",
            "uuid": "4b1f41a2-23d2-4e2f-ab44-f69fb2ffeaea",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773019995",
            "to_ids": false,
            "type": "text",
            "uuid": "67868d2a-ed54-47b5-9a48-f71ed05ab3f5",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:25/70\nFirst Submission:2026-02-16T03:14:20.000000+00:00\nLast Submission:2026-03-02T12:34:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021795",
        "uuid": "c64fefd7-856c-4222-ac9b-5b600dc189ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021795",
            "to_ids": true,
            "type": "md5",
            "uuid": "63965c47-b67a-4924-a333-33e79095f124",
            "value": "7a4119e116ecdefe0a1017110e250e61",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021489",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb6f2414-0e3e-479a-918b-69fb4b694c1d",
            "value": "be3c8f93e9d7f42ec1133ab36f555b104b23fe1b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021489",
            "to_ids": true,
            "type": "sha256",
            "uuid": "29836bc1-776d-4eb0-bc22-f94370ad02ac",
            "value": "a4bd1371fe644d7e6898045cc8e7b5e1562bdfd0e4871d46034e29a22dec6377",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020016",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1fbea3aa-989a-431b-a073-da4e814a963b",
            "value": "1572864:SpQL+rJ/Lu+bSBscfv7pGHe/zA6wa8iV/dU0pk39/kHE+au0brozD/N0in1OUWjr:SpQCrJ/Lu8DcnFG+/h8KdXk9/kHxaumh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020017",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8179e109-d11a-4360-90aa-671a3ecfb95d",
            "value": "75387624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020017",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9724fa46-a71d-4be0-9c2a-a96d160dc823",
            "value": "077056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020017",
            "to_ids": true,
            "type": "filename",
            "uuid": "3a067992-e99e-4dca-9fb6-b8bc1aaa03f2",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020017",
            "to_ids": false,
            "type": "text",
            "uuid": "e70210c6-caf6-472d-a9d8-9f59c2ad85c6",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:23/70\nFirst Submission:2026-02-22T21:25:10.000000+00:00\nLast Submission:2026-03-03T06:47:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021816",
        "uuid": "920f17c5-65d3-4835-83f7-1e2c85a363da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021816",
            "to_ids": true,
            "type": "md5",
            "uuid": "63e218d4-65da-4b98-b2de-66e894154c44",
            "value": "7f3c8a7fe78d3d05b6022df3ea0c15fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021490",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4e518e09-e968-435f-8c4d-fdcbc65c5eb0",
            "value": "0ba2306ec15f7124fafc7615e81f34c7986ba9a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021490",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da2ea208-68e3-407d-9ef9-01d589891e65",
            "value": "a92d28f1d32e3a9ab7c3691f8bfca8f7586bb0666adbba47eab3e1a8faf7ecc0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020038",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "98926168-c3bc-4e82-878c-ae5cbbfc8e8c",
            "value": "3072:eLSMqpdvXugbMnvqYhYBCDOh4zUdORB4mRD8wT6T9yRT6Wml5jbxaq1Ta:eWVplAnrYBdYRBZmxaqla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020038",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7021946f-a709-4f71-8538-ce5b08d20114",
            "value": "307656"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020038",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d606c1fc-7246-486f-9f5e-1bbee424c0a2",
            "value": "035056655d15156018z4fhz13z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020038",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb93a428-89d8-4c0a-b5aa-7145a0bacf75",
            "value": "DIDS.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020038",
            "to_ids": false,
            "type": "text",
            "uuid": "bd48a0bd-f717-4257-8d13-983f24fbed7a",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:43/72\nFirst Submission:2026-03-03T06:35:22.000000+00:00\nLast Submission:2026-03-05T12:38:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021837",
        "uuid": "5bd2dd06-6d32-406d-be3b-cdea97b5913b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021837",
            "to_ids": true,
            "type": "md5",
            "uuid": "ca3e0b98-b51a-4e36-b021-3cf6cdf98021",
            "value": "838c8fd4ae7e3c4972adc8800db44929",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021491",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2d5dc18f-0ac6-4cfb-b33c-19aadb676701",
            "value": "2b781b3a352db44db67ad56e8477e6a1016b2597",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021491",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6203da4e-86d2-431e-9218-aa9c162c7c0f",
            "value": "64263640a6fdeb2388bca2e9094a17065308cf8dcb0032454c0a71d9b78327eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020060",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8491515e-b202-4041-8149-f8ddbee9d75c",
            "value": "1572864:pwKJPDvHypeHbTLgt8WOw+7JPQ4+hC3N1Fq5FGHMR8UVHML+9m6/nZ/9UjAJB:pwKNvypccaFlD+c3DaGHOsL+9m6/Z/95"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020060",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4d35f702-27c1-415c-87e3-6717c4629227",
            "value": "86800256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020060",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0677c6aa-51ef-40cc-a627-d8ecb6d4ccd5",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020060",
            "to_ids": true,
            "type": "filename",
            "uuid": "c4c98a90-a42c-4319-abae-f84d7a14fbd2",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020060",
            "to_ids": false,
            "type": "text",
            "uuid": "ca5c7fec-8d46-44e1-b2ae-63ed1846fdf0",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent\nVT Total Detection:30/70\nFirst Submission:2026-03-02T18:31:33.000000+00:00\nLast Submission:2026-03-03T03:44:54.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021858",
        "uuid": "01440475-d9c5-4509-8c9f-8afceb579d6f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021858",
            "to_ids": true,
            "type": "md5",
            "uuid": "09013e81-8ef4-417b-acea-65d5febf6516",
            "value": "e2bcc41ddea5cf9d759380701d14f258",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021492",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a5feb45b-3002-4072-bfa6-1d4b4aab0087",
            "value": "a42b4914b0c8dc47a3a5f8114d0fcbef02d84e0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021492",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b736c768-7063-47fd-b597-a0ab1cb31f4a",
            "value": "74db1f653da6de134bdc526412a517a30b6856de9c3e5d0c742cb5fe9959ad0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020082",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "18353ed0-09a4-47c2-a766-7ec274007318",
            "value": "1572864:+IKIeltfvHDKox83cPm8Jyvd0eLGxH9pZbgjiQYp7Mrs/whah9NwExmbP0Hy:+IKIe7HjXO8Mvd0eLG59pGj+Eof2Exof"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020082",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9cf637cb-6861-4559-a8f0-1d706bd2b086",
            "value": "86805232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020082",
            "to_ids": true,
            "type": "vhash",
            "uuid": "20a1b4f9-e1b7-4873-857c-e5bcea174455",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020082",
            "to_ids": true,
            "type": "filename",
            "uuid": "7afb60a7-03ce-49a2-a8c0-b34610f2845d",
            "value": "setup"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020082",
            "to_ids": false,
            "type": "text",
            "uuid": "00ea1795-c4c1-4250-96f0-e7eed439fbf3",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:24/70\nFirst Submission:2026-02-27T00:37:08.000000+00:00\nLast Submission:2026-03-03T06:50:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021880",
        "uuid": "870188b3-09e8-4755-b38e-7d2f4d050fd9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021880",
            "to_ids": true,
            "type": "md5",
            "uuid": "a0d3fe0d-fdd6-49d3-86c3-f0efd818cbda",
            "value": "e6fafcb72f2f315692218182ba84e0ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021493",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6d8f8e62-fabc-47f0-ba71-0ab8e4a8246d",
            "value": "9c5cc25e80df75f91873bf31a6269e7bdab7c6d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021493",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7983f93c-61b3-4ea7-91f6-4b5020e24b8c",
            "value": "2b7d8a519f44d3105e9fde2770c75efb933994c658855dca7d48c8b4897f81e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020103",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "470e5f16-cbfd-4404-a3ad-4bd99928aa36",
            "value": "1572864:h6sZA+TMMdh0OWzeRxhsyw1CvawblHmTJGGrxLPXBNGA72PWDt+wzN7R2:h6smSjdhbWzKxhsh1CvaeGNGGrxjXBN2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020103",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6c308dd5-74fa-420f-bc45-62f024c0eb96",
            "value": "87211504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020103",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7262502d-fac1-4802-be4e-be61ecedf2c7",
            "value": "087056655d1c0510c043z800417z57z52z4gz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020103",
            "to_ids": true,
            "type": "filename",
            "uuid": "b3546665-c6fd-40c3-a83a-293a63321e70",
            "value": "installer"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020103",
            "to_ids": false,
            "type": "text",
            "uuid": "1e1b0d0f-4f8e-4e75-b91d-a43f264252ec",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:23/70\nFirst Submission:2026-02-11T21:50:28.000000+00:00\nLast Submission:2026-03-02T12:20:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021901",
        "uuid": "ce38f57a-7053-46e3-a3c6-995b104256a2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021901",
            "to_ids": true,
            "type": "md5",
            "uuid": "7b76e6d3-803f-4871-8baa-5a294f9bd2b7",
            "value": "8d8aa0be8f82d22deab96f96d9af34b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021494",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5369e99b-5d5d-4a73-8c6f-962c19927b51",
            "value": "42111d2ebcd42fa1fa7069560401db736c483776",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021494",
            "to_ids": true,
            "type": "sha256",
            "uuid": "462c519f-513f-442f-b4b1-4d650d0f3062",
            "value": "0f9cf1cf8d641562053ce533aaa413754db88e60404cab6bbaa11f2b2491d542",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020125",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2403c794-4616-48c6-b81f-d4dbaf985b8c",
            "value": "24576:mNOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/N:mOmVv+bD+1X29WKwE/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020125",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f5be6fc-b6c1-4d4f-a68e-5aba4643da87",
            "value": "1080832"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020125",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6d058d99-cc99-4e44-bc72-9fcfb30c319b",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020125",
            "to_ids": true,
            "type": "filename",
            "uuid": "f492e42f-d444-4df5-a316-841ece3b0558",
            "value": "0f9cf1cf8d641562053ce533aaa413754db88e60404cab6bbaa11f2b2491d542.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020125",
            "to_ids": false,
            "type": "text",
            "uuid": "e181089e-ae92-4dfe-98b2-8cc44503ed65",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Win32/Malgent!MTB\nVT Total Detection:14/62\nFirst Submission:2026-02-13T10:30:01.000000+00:00\nLast Submission:2026-03-08T03:15:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021922",
        "uuid": "07a7f230-0358-41e4-b370-723b96378cc9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021922",
            "to_ids": true,
            "type": "md5",
            "uuid": "26ef52a3-5a10-4825-a14c-99609083ab12",
            "value": "f8560b9a893eeb2130fc7159e9c1b851",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021495",
            "to_ids": true,
            "type": "sha1",
            "uuid": "230c9d15-ea18-400b-a1e2-4cf3f0930b2d",
            "value": "4a54b7237dc9fdd745d0d19083a1ce4857c91de4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021495",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f5ebb613-1625-497b-be17-8b20bd7a7249",
            "value": "1319d474d19eb386841732c728acf0c5fe64aa135101c6ceee1bd0369ecf97b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020147",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "96bbf935-3bba-433c-9a6a-f44290e9dad7",
            "value": "24576:Bi6W8RNckKMmUwcn9YB2Vt4Q7ateRHjKwz2psZhGxAdh5j5oSfGQCE2mkDOiIRvT:B0nUnVt4YFHjKKsubdhZKUX2mk3GV"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020147",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5aa9cfe5-2d1a-4fde-bcc8-4d14a05de3e3",
            "value": "6919680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020147",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2cede6c3-fba6-407d-9521-a5d926b07926",
            "value": "0660a6551d15551d15151071z20209008b7zd085z504024afz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020147",
            "to_ids": true,
            "type": "filename",
            "uuid": "69946591-0c9c-439a-a191-0bb0cdfd054f",
            "value": "visualwincomp.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020147",
            "to_ids": false,
            "type": "text",
            "uuid": "12619d6b-c119-42a8-b1ce-599588f20b60",
            "value": "Type Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:8/72\nFirst Submission:2026-02-19T09:43:05.000000+00:00\nLast Submission:2026-03-06T04:21:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021943",
        "uuid": "3f7a9013-78dd-489a-bf13-b8f6461f28c9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021943",
            "to_ids": true,
            "type": "md5",
            "uuid": "1502b1e6-5c12-4621-bc7b-f8d046c6c262",
            "value": "41c19fc6c8a8687988f28fc487048bf3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021496",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2475375a-c802-4595-bb2c-8278f01a1d49",
            "value": "3de597e3237d5c7e7cc66ecb58b9ea2af149afa1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021496",
            "to_ids": true,
            "type": "sha256",
            "uuid": "174b35ae-4980-4215-a9f0-1c2650a7c054",
            "value": "1d984d4b2b508b56a77c9a567fb7a50c858e672d56e8cf7677a1fca5c98c95d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020189",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b2308ff7-dda2-4ab9-8520-447da30a26ff",
            "value": "384:zY6bsWacfMey3M5UC0qEXddGSo78p+vV5F5gd/aj:zAxcUeWMmCgFzd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020189",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c66aad7e-2129-4d5c-b5db-d4e2ab82edcc",
            "value": "22528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020189",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e7f6d1f3-1a5b-4650-b142-f45b57cc0a70",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020189",
            "to_ids": true,
            "type": "filename",
            "uuid": "43787300-06c7-4b0a-aff4-4476ab10786f",
            "value": "1d984d4b2b508b56a77c9a567fb7a50c858e672d56e8cf7677a1fca5c98c95d1.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020189",
            "to_ids": false,
            "type": "text",
            "uuid": "184a86f4-c4b9-4555-be1e-d5b84d27fd3a",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:26/62\nFirst Submission:2026-02-05T20:09:05.000000+00:00\nLast Submission:2026-03-06T11:59:25.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021964",
        "uuid": "1872cc50-e12f-470f-a001-e561051fc859",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021964",
            "to_ids": true,
            "type": "md5",
            "uuid": "21388a49-4591-44a6-8d61-c09fa8a9a0e5",
            "value": "64e4b0ffd8bed9307eb50b541b1d8fdb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021497",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5c32289f-3c7d-4e81-997f-25fa6f01f12d",
            "value": "58af8d0e3e77f8d16a5a42fc173ebccb5ecb1cd0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021497",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f416965e-997b-429c-ae70-6ff751843fd5",
            "value": "2a00705cfd3c15cf8913e9eb4e23968efd06f1feceaef9987d26c5518887d043",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020211",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3d76301-3299-440d-be62-8aa283952bc3",
            "value": "192:eL+k3OedC9ZeNpGk+9P2WT42fjkG8hQ4mlRZHLaZcSZWBNhU:ed3JC3ecdvJfjkv7ml3HXBNhU"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020211",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6f0905ed-5f62-4797-bf2e-a974def63643",
            "value": "9960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020211",
            "to_ids": true,
            "type": "filename",
            "uuid": "8238b753-c2c2-45cd-880f-9b6bb34beeef",
            "value": "2a00705cfd3c15cf8913e9eb4e23968efd06f1feceaef9987d26c5518887d043.ps1"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020211",
            "to_ids": false,
            "type": "text",
            "uuid": "974a9fba-2fc9-463d-9a0d-21348c0312c7",
            "value": "Type Description: Text\nMicrosoft: Trojan:Win32/Yomal!rfn\nVT Total Detection:23/62\nFirst Submission:2026-02-12T20:13:41.000000+00:00\nLast Submission:2026-03-04T14:04:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773021986",
        "uuid": "11df75f3-f539-4d22-ac46-1f0309e5b196",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773021986",
            "to_ids": true,
            "type": "md5",
            "uuid": "f392c002-6d97-42ed-87ec-e8b185c97ab1",
            "value": "5c057af2f358fc10107d5ccdb39938ad",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021498",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2ecdc157-1863-4870-8d0b-78fbb5d5a63c",
            "value": "e2e8516b4f275e8c636620b7377ee3b9f9f47bb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021498",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e62268eb-243f-43f6-b036-fb52ffba7035",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020233",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "21ffdc79-be80-41f3-91f8-c724f90a3db5",
            "value": "24576:5NOmTRC/KmPbeqL+FnXvO9+f1KUw+T/s/e:vOmVv+bD+1X29WKwE/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020233",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7d241cf8-c595-46d8-acf3-f9322986cb52",
            "value": "1096704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020233",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c385ddac-2ed7-4c43-aa10-22717c60bd73",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020233",
            "to_ids": true,
            "type": "filename",
            "uuid": "81e75358-62e8-4a18-a60c-197a48167392",
            "value": "2a09bbb3d1ddb729ea7591f197b5955453aa3769c6fb98a5ef60c6e4b7df23a5.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020233",
            "to_ids": false,
            "type": "text",
            "uuid": "e543ced7-27d7-4e0d-a573-44eff12cb83d",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Python/MuddyWater.DB!MTB\nVT Total Detection:17/62\nFirst Submission:2026-02-13T11:10:02.000000+00:00\nLast Submission:2026-03-02T14:07:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022007",
        "uuid": "ac189bce-da46-41f7-9cb1-8b13a9aaea93",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022007",
            "to_ids": true,
            "type": "md5",
            "uuid": "48f4345a-9478-4e7a-8efa-ceb9e4a07df2",
            "value": "2115e69f71d9f51a6c6c2effdaee2df2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021499",
            "to_ids": true,
            "type": "sha1",
            "uuid": "629a3161-28aa-4b6c-ba82-09f114bf1993",
            "value": "559052799a52d1b29ac7e87935e9a0c80df5fb16",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021499",
            "to_ids": true,
            "type": "sha256",
            "uuid": "83596687-b465-4e3a-a42a-7592b1adcc5b",
            "value": "3df9dcc45d2a3b1f639e40d47eceeafb229f6d9e7f0adcd8f1731af1563ffb90",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020255",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3835eac0-93ba-4fd7-add7-11e5fd1c4f98",
            "value": "12288:xX2c7RgrjQGUoIoK/xibSzbQPvUjw5ebbb8bHmb4Ab/NFbOmb45bQxbDabnLlvUt:IcRw8GUoIUq5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020255",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dada5e27-903f-4671-a262-302357ddd001",
            "value": "1032704"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020255",
            "to_ids": true,
            "type": "vhash",
            "uuid": "82b00f08-2988-41f3-97cc-c3a656a6550c",
            "value": "016076655d555515155073z22z6a1z23z3015z11z11afz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020255",
            "to_ids": true,
            "type": "filename",
            "uuid": "b210679e-5ac3-4f82-b253-018c9a6bc90d",
            "value": "WebView2.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020255",
            "to_ids": false,
            "type": "text",
            "uuid": "9f37f651-47e1-42e2-baa4-4a324024c638",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:33/72\nFirst Submission:2026-03-02T21:14:34.000000+00:00\nLast Submission:2026-03-06T20:35:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022028",
        "uuid": "f6858d57-3758-4db9-9765-8fa74758a117",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022028",
            "to_ids": true,
            "type": "md5",
            "uuid": "d20afd54-7b6e-4e49-819c-bc905c256b78",
            "value": "6d1d4e938ed1e46210375308ef3bcb08",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021501",
            "to_ids": true,
            "type": "sha1",
            "uuid": "09cd245a-3b13-4eeb-8c65-3284d772b0e6",
            "value": "4ebfa2d967ce7983790b77a3987cb1c5d1b868f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021501",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9600a93a-3a9b-41e0-946b-12b90898b678",
            "value": "42a5db2a020155b2adb77c00cbe6c6ad27c2285d8c6114679d9d34137e870b3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020277",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcd5e96e-215f-413e-b892-9f257d7cf823",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yory2/5D8M6tRqY4j:iIKkg14fNyAy2H6t4Y4j"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020277",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bb9b7831-b285-484d-9ba0-2ba7cdcdd278",
            "value": "3181"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020277",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e33ba65c-edd8-452e-8353-293adb1cef66",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020277",
            "to_ids": true,
            "type": "filename",
            "uuid": "55605c65-3454-4bc7-93df-8e728a0597d1",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020277",
            "to_ids": false,
            "type": "text",
            "uuid": "0f4ed321-24ad-4b61-ab4f-e5c3a39b1fdc",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:15/62\nFirst Submission:2026-02-12T15:51:53.000000+00:00\nLast Submission:2026-03-04T14:04:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022049",
        "uuid": "ecb1d722-d565-4096-aa3b-9c62b76fd14d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022049",
            "to_ids": true,
            "type": "md5",
            "uuid": "f405265d-dbf2-4d34-bdd3-eb1946eca399",
            "value": "3962bfa78c7acd8d85b3700e99ae8d24",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021502",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dc7030b6-b1ca-4f8f-9566-336a093ff55a",
            "value": "5e9d1be3cc70d617cba3953cc901e304951ea8cb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021502",
            "to_ids": true,
            "type": "sha256",
            "uuid": "021545c3-b4a5-44b3-812d-7eacb3a00104",
            "value": "7467f326677a4a2c8576e71a832e297e794ea00e9b67c4fcbe78b5aec697cec4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020299",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "47ed0124-9d7c-4f2a-9641-031e717392e6",
            "value": "384:6K51zzHDKc2qMey3M5UC0qEXdWSoJ8p+tLLrZgd/aI:6u1/DKcGeWMmCIPd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020299",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "62c4f288-3fab-43d8-903e-7a81fb19af68",
            "value": "23040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020299",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0389929f-cbd7-4e1d-9401-c8a871b96402",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020299",
            "to_ids": true,
            "type": "filename",
            "uuid": "41d6d97d-8653-4500-b42d-5b10ad9ba12b",
            "value": "7467f326677a4a2c8576e71a832e297e794ea00e9b67c4fcbe78b5aec697cec4.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020299",
            "to_ids": false,
            "type": "text",
            "uuid": "182aa8c8-8245-4589-a8df-c69f71495881",
            "value": "Type Description: Windows Installer\nMicrosoft: None\nVT Total Detection:23/62\nFirst Submission:2026-03-02T02:38:57.000000+00:00\nLast Submission:2026-03-04T14:24:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022070",
        "uuid": "59b95a83-f68a-4a10-8253-67a86b3598d4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022070",
            "to_ids": true,
            "type": "md5",
            "uuid": "d2b5a6ae-d51b-45ca-bed4-bb2ac9b5e613",
            "value": "c23fc7b74370d590223d962727e67907",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021503",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b42ec152-167b-43bf-a3aa-758cc902723d",
            "value": "2e1cc87d974aa7f07a8911c631a191dc00535b36",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021504",
            "to_ids": true,
            "type": "sha256",
            "uuid": "860f5e20-b5a8-4a6c-947f-ab945756f423",
            "value": "7c30c16e7a311dc0cdb1cdfd9ea6e502f44c027328dbe7d960b9bcd85ccf5eef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020320",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6bb7fcf3-4e10-4359-962d-a19576df86b5",
            "value": "384:GY6bAWacfMey3M5UC0qEXddGSo78p+vV5F5gd/aj:GMxcUeWMmCgFzd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020320",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e9ffcaf9-e1ff-4585-b375-a34352a04f10",
            "value": "22528"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020320",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1de067fb-daee-4665-bb6e-c28f4ea4e560",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020320",
            "to_ids": true,
            "type": "filename",
            "uuid": "c07e1830-6139-4f71-8fb3-0629ff6c95bd",
            "value": "7c30c16e7a311dc0cdb1cdfd9ea6e502f44c027328dbe7d960b9bcd85ccf5eef.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020320",
            "to_ids": false,
            "type": "text",
            "uuid": "7d30ead8-b8b6-49b7-8873-085fc5af011c",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:19/62\nFirst Submission:2026-02-06T07:42:07.000000+00:00\nLast Submission:2026-03-04T14:24:38.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022091",
        "uuid": "86183f41-ee65-411b-855b-789a7810c29d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022091",
            "to_ids": true,
            "type": "md5",
            "uuid": "90ed353e-ca15-47a3-8de6-d40a8ae9cf01",
            "value": "7236f1a51da141e422d553e36ef6c9d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021504",
            "to_ids": true,
            "type": "sha1",
            "uuid": "42976934-d91f-4eb7-9a1e-df60bfcbe0d3",
            "value": "3f441a009a907af55bd6d52b0f0f06b601c961dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021504",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3acde98-2afd-4dbe-b642-bc9801142e91",
            "value": "b0af82de672d81f3c2f153977923b3884a8a9e7045b182c2379b19a1996931a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020365",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7053726d-1a5b-46fc-9df1-09db8e7a6d63",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yoryaijOtIN+g:iIKkg14fNyAyDj+IN+g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020365",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "494a3a8c-9b4b-46de-917b-5971275b1472",
            "value": "3125"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020365",
            "to_ids": true,
            "type": "vhash",
            "uuid": "35cd51a4-7af4-4c33-b708-c8e201a28ce7",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020365",
            "to_ids": true,
            "type": "filename",
            "uuid": "ef9c1c2a-f1f9-4c3a-9e80-c67b5f5aeb30",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020365",
            "to_ids": false,
            "type": "text",
            "uuid": "52e35ee1-3035-4d47-b0b7-10576e24f9b3",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:17/63\nFirst Submission:2026-02-06T12:41:38.000000+00:00\nLast Submission:2026-03-04T14:19:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022112",
        "uuid": "ab61c8ca-0714-4e54-9f15-a50b3a4d9a87",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022112",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e132cca-d4e6-4704-a2fc-2f4bf721e200",
            "value": "ca37e31d651bbd5bbddef3ea716b8b4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021505",
            "to_ids": true,
            "type": "sha1",
            "uuid": "479a1169-3bfb-4161-8e16-02a2dc91654d",
            "value": "de9707a8505683930fccf5536e311242425d420a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021505",
            "to_ids": true,
            "type": "sha256",
            "uuid": "00d58d02-35b6-421b-9bf2-303b24d11aa8",
            "value": "bd8203ab88983bc081545ff325f39e9c5cd5eb6a99d04ae2a6cf862535c9829a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020386",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e7587d2d-484b-4434-81b5-da48488ae08f",
            "value": "384:6P7h9nyZJMey3M5UC0qEXdeSo5y8p+e6LrZgd/aI:6P/smeWMmCdXbd/a"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020386",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ed76d33c-272a-44d9-af07-99d0d477274d",
            "value": "23040"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020386",
            "to_ids": true,
            "type": "vhash",
            "uuid": "13a677f6-c54a-4df6-a72b-27ba61690ae5",
            "value": "ba151a36b5229126cd8a0e26f5d18ec0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020386",
            "to_ids": true,
            "type": "filename",
            "uuid": "b28da4a7-0cde-430e-974b-203c53bcb1a5",
            "value": "bd8203ab88983bc081545ff325f39e9c5cd5eb6a99d04ae2a6cf862535c9829a.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020386",
            "to_ids": false,
            "type": "text",
            "uuid": "594cb727-bffe-44a7-8a3a-6b078b744824",
            "value": "Type Description: Windows Installer\nMicrosoft: Trojan:Win32/Wacatac\nVT Total Detection:23/62\nFirst Submission:2026-02-05T14:58:17.000000+00:00\nLast Submission:2026-03-04T14:05:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1773022134",
        "uuid": "c644bb50-c9a6-42b2-9ae7-255540bbfb68",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1773022134",
            "to_ids": true,
            "type": "md5",
            "uuid": "e4a3b952-f4da-42a8-af6a-7840c4b77377",
            "value": "c0a52cd5dd35bf9d5d08c7eb12cfa422",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1773021507",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3f7308da-1f8a-4ac6-9fcf-d433a60443a7",
            "value": "6b186f2881729a977beb6aecb61ac0fe83c5777d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1773021507",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e38e7bf9-a206-4a40-b3e9-ee0072d6da9f",
            "value": "c7cf1575336e78946f4fe4b0e7416b6ebe6813a1a040c54fb6ad82e72673478e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1773020408",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9f7dbeb3-0d6f-43e5-8cce-8746b91b534a",
            "value": "96:iIyz6jwkYrK5ST4JQ81/yory2/5D8M6tRqqZt+j:iIKkg14fNyAy2H6t4qOj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1773020408",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6d28d20b-8bf8-466e-9cc1-8de399eb9cb2",
            "value": "3181"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1773020408",
            "to_ids": true,
            "type": "vhash",
            "uuid": "be5ffcb9-161f-46f4-ab52-0767d6e5e03a",
            "value": "6fdd02d262e0e5091946bbc9a02b9591"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1773020408",
            "to_ids": true,
            "type": "filename",
            "uuid": "b5c1bf74-63a6-4d5e-811a-e0d4af2825f7",
            "value": "Ps1File"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/03/2026\nLast-scan\t:  09/03/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1773020408",
            "to_ids": false,
            "type": "text",
            "uuid": "7dd99192-00e0-4276-9b41-cae61bc4d719",
            "value": "Type Description: Powershell\nMicrosoft: Trojan:PowerShell/Malgent!MSR\nVT Total Detection:24/62\nFirst Submission:2026-03-02T02:44:18.000000+00:00\nLast Submission:2026-03-04T14:04:55.000000+00:00"
          }
        ]
      }
    ]
  }
}