{
  "Event": {
    "analysis": "1",
    "date": "2025-04-25",
    "extends_uuid": "",
    "info": "[Threat Intel] Earth Kurma APT Campaign Targets Southeast Asian Government, Telecom Sectors",
    "protected": false,
    "publish_timestamp": "1780040216",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780040215",
    "uuid": "0ad70cee-9206-4d0d-942d-33f43175f240",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Telecoms\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Moriya\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Ladon\"",
        "relationship_type": ""
      },
      {
        "colour": "#e95bc8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
        "relationship_type": ""
      },
      {
        "colour": "#041edc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMB/Windows Admin Shares - T1021.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"self-curated\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Cobalt Strike\"",
        "relationship_type": ""
      },
      {
        "colour": "#91ee5f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SManager\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-course-of-action=\"Filter Network Traffic - M1037\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-course-of-action=\"Limit Access to Resource Over Network - M1035\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-course-of-action=\"Password Policies - M1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-course-of-action=\"Privileged Account Management - M1026\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-course-of-action=\"Restrict Web-Based Content - M1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Earth Kurma\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745622335",
        "to_ids": false,
        "type": "link",
        "uuid": "ca1f4c11-3f5a-4d6d-a8cd-57e998e40eaa",
        "value": "https://www.trendmicro.com/en_us/research/25/d/earth-kurma-apt-campaign.html"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "2024-06-01T00:00:00+00:00",
        "timestamp": "1745622477",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "6fe03ba9-ff1a-442e-a161-5c359877aa9e",
        "value": "Earth Kurma"
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "first_seen": "2022-09-24T14:50:50+00:00",
        "last_seen": "2024-10-24T12:06:37+00:00",
        "timestamp": "1745710127",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d642ca3e-a93c-4a9f-845d-32b21ce8d3f5",
        "value": "www.dfsg3gfsga.space",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745710150",
        "to_ids": true,
        "type": "hostname",
        "uuid": "11643cb9-4704-4b00-9c8d-d1798b52aa99",
        "value": "www.igtsadlb2ra.pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745710172",
        "to_ids": true,
        "type": "hostname",
        "uuid": "26743f6d-c351-45e5-9410-227ae09d563e",
        "value": "www.ihyvcs5t.pw",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745710194",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4835b63f-9b1d-47ed-a28d-bd6d1cd7e976",
        "value": "www.vidsec.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040204",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "adfda7e3-507b-4011-a763-592b335a7851",
        "value": "103.238.214.88",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#10b11c",
            "local": false,
            "name": "asn:asn=\"45899\"",
            "relationship_type": ""
          },
          {
            "colour": "#850e2c",
            "local": false,
            "name": "asn:as-owner=\"VNPT-AS-VN VNPT Corp\"",
            "relationship_type": ""
          },
          {
            "colour": "#b8567e",
            "local": false,
            "name": "asn:as-country=\"VN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"vietnam\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040205",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "de394bdb-8139-4b17-8dfb-e4aaa4a659b8",
        "value": "149.28.147.63",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040207",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9abc0f46-0a2f-49b2-b13d-96f17328a5e4",
        "value": "166.88.194.53",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#14d0ec",
            "local": false,
            "name": "asn:asn=\"149440\"",
            "relationship_type": ""
          },
          {
            "colour": "#1b81cb",
            "local": false,
            "name": "asn:as-owner=\"EVOXTENTERPRISE-AS-AP Evoxt Enterprise\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040208",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a5d8269e-7e55-43e5-812d-2f48ecbad960",
        "value": "185.239.225.106",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18de80",
            "local": false,
            "name": "asn:asn=\"134835\"",
            "relationship_type": ""
          },
          {
            "colour": "#ab6901",
            "local": false,
            "name": "asn:as-owner=\"SNL-HK Starry Network Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040210",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "61794d70-6031-418f-9bf5-4a3de8e2baca",
        "value": "38.147.191.103",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040212",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "67eb2bdf-74bd-427d-97c0-c799ccfc2b21",
        "value": "38.60.199.225",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e7643a",
            "local": false,
            "name": "asn:asn=\"138915\"",
            "relationship_type": ""
          },
          {
            "colour": "#1ec497",
            "local": false,
            "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040215",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "af0c3375-b4c8-48c6-8e90-36e93b709e8a",
        "value": "45.77.250.21",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697634",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0621cf51-454b-4ecc-896f-2bc2d37d6c03",
        "value": "004adec667373bdf6146e05b9a1c6e0c63941afd38e30c2461eaecb707352466",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697635",
        "to_ids": true,
        "type": "sha256",
        "uuid": "679fc9a9-da9a-4758-b8d2-c45f5627ac85",
        "value": "0a50587785bf821d224885cbfc65c5fd251b3e43cda90c3f49435bb3323d2a8b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697636",
        "to_ids": true,
        "type": "sha256",
        "uuid": "fe42957c-2d5c-4efd-bee2-0253a6f1cbba",
        "value": "10898b74b612b1e95826521c5ccf36f7a238f5d181993c3c78c2098fcfdc1f3f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "KRNRAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697637",
        "to_ids": true,
        "type": "sha256",
        "uuid": "db9b9a88-bbc9-4d92-a665-1c95b7d5d56b",
        "value": "1f3f384e29eab247ec99d97dfe6a4b67110888e4ad313b75fa9d0beceef87e93",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697638",
        "to_ids": true,
        "type": "sha256",
        "uuid": "43d9ade7-3546-4292-88db-741ba6457d17",
        "value": "1f5f6cc1cbf578412ea5279dbdb432eda251309695513a74de66063ab02789f1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DMLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697640",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8caf3d0f-33c7-4367-9cf7-a35d472b4681",
        "value": "37a397a2482b37d19d58588c0a897a08111b74d122c21542f1bf852ae83e1db0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697641",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1b6c0f32-d18e-44b1-8cc7-40fc63413bd0",
        "value": "383aa73fe72caf268ce0874ebbcd13fc4c9e1e5c6200cdd66862de7257942cea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697642",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9d85d467-64a9-4e29-bfd2-830f7633162d",
        "value": "398234b692a80a424939e98a2d96a705ce3fd9d61950420b5f2af45890abc48e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697643",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4ffce0d0-7870-4a40-af18-b8952137c467",
        "value": "45e1138f2b8e822cbd4573cb53104b402ae26dcddb42c70534cf024a8bc6db66",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "KMLOG No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697644",
        "to_ids": true,
        "type": "sha256",
        "uuid": "64d2766d-f89e-45dd-a1a5-cb242dbd7128",
        "value": "49ab6e2b5e378c74d196aecac4e84c969c800051167c1e33d204531fabd17990",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697645",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c071f16f-134b-4703-8ab1-abdf1c68ef72",
        "value": "4ae186ee19d0d3e246dc37ac722a27d5297d2577de59b8583c97897480290bc1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SIMPOBOXSPY No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697646",
        "to_ids": true,
        "type": "sha256",
        "uuid": "64936380-4649-4fb7-98b2-d94eaf6a9467",
        "value": "54e14b7742801970c578fad2ec2a193334ca8a17b60ee18dd6ec0fbfc8ce900b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697648",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78d476b8-a341-4a73-8472-464dba2a994d",
        "value": "612a5fcb7620deef45a021140b6c06ab9c0473dce5b7e4a54960e330a00c90f3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "KMLOG No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697649",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1b9dfa87-ca64-4e09-a21c-2e0d24e79b57",
        "value": "6190b13df521306bfa7ee973b864ba304ee0971865a66afbe0b4661c986099f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697650",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e95be96e-57c4-411c-9aed-f63864662588",
        "value": "6bbbb227d679ea00f0663c2e261d5649417d08285f9acc1fd80e806ddea08403",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697651",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a060c592-d15c-4291-b674-764234b8ae8a",
        "value": "6ef3a27fdca386fe093c12146cd854d9ae6b42ca637950ca46bfd364ceab5b53",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697652",
        "to_ids": true,
        "type": "sha256",
        "uuid": "56c57957-6365-4a1c-b059-c97e8d9891a7",
        "value": "73afc6af6fdfcaf9832aa2975489271bad7c8ea58679f1a2ddd8f60b44cc4a13",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697653",
        "to_ids": true,
        "type": "sha256",
        "uuid": "04411173-f771-4248-82ed-b5eb59cac80d",
        "value": "75cc8474abb1d9a06cd8086fede98958653d013fb7ff89bbc32458b022a8fc94",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "MORIYA No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697655",
        "to_ids": true,
        "type": "sha256",
        "uuid": "257eb92b-e566-470d-a2df-8fd56811e93e",
        "value": "823a0862d10f41524362ba8e8976ddfd4524c74075bd7f3beffa794afb54f196",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697656",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4398ee74-c870-4d66-a3e7-ad505556e565",
        "value": "85e78a1b0a78e5d921c89241aaadd505d66dc4df29ca7d8a81098f42487ba350",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "SIMPOBOXSPY No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697656",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b9a02245-f51f-4234-9fb6-02fcdd295b9d",
        "value": "876c822f333e812041af24ae80935a830ca5016f9aaf2e8319ebb6cab1f9d7d0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "KMLOG No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697657",
        "to_ids": true,
        "type": "sha256",
        "uuid": "aa5946d6-6063-4d2a-8bee-dbb394a2238f",
        "value": "8ca1ffbd3cd22b9bead766ebd2a0f7b2d195b03d533bacf0cb8e1b1887af5636",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697659",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ad84c67b-2910-4eaa-8172-2e7726cb6f52",
        "value": "8e6583cca6dd4a78bdc0387c7f30334ab038e5c77848f708fe578e60dd8d9e00",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "ODRIZ No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697660",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2097cc0f-50c4-44b4-a56a-4258443841f7",
        "value": "96b407856889c920a49f921d925118a130b904e99f9fe43a87342c680ffb9f27",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697661",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b09b8d4c-3858-41c2-b589-df5bc6447611",
        "value": "a359a06fbc6b5cf5adf7f53c35145b28f3c8a70f6998631090021825aea08e22",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "TESDAT No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697662",
        "to_ids": true,
        "type": "sha256",
        "uuid": "09df7707-73a0-408e-b85b-f19cd1fdffa3",
        "value": "aef3407310de48e13575c3d98b660ab7ddafb7efe3f4909682907ac286062392",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DUNLOADER No sample in VT\r\nLast check:26/04/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1745697663",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b086f5c4-f7ef-4525-bef0-8013efcff995",
        "value": "f52d9355b9efb6a1fcb32b890c5c373274df21ce38050d49416f469be95dc783",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770864083",
        "to_ids": false,
        "type": "comment",
        "uuid": "cb67d87d-9787-4694-a88c-1395f9ce4811",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250425-Earth-Kurma/16.png"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770864129",
        "to_ids": false,
        "type": "comment",
        "uuid": "6b696a5a-05f8-48b4-8864-44c9412e4b09",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250425-Earth-Kurma/17.png"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770864129",
        "to_ids": false,
        "type": "comment",
        "uuid": "5e0a57f7-2d5e-4f48-ad5b-cdd8f33a52cc",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250425-Earth-Kurma/18.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2023-01-18T08:35:32+00:00",
        "last_seen": "2025-01-24T00:43:14+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710364",
        "uuid": "b6f45eab-6490-4ce3-ac26-dec4f6acd9ac",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "WMIHACKER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710364",
            "to_ids": true,
            "type": "md5",
            "uuid": "961bd082-5053-4195-ba81-0121dadd5c81",
            "value": "72a67ae423be6f28fea0800b43e8d7ae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WMIHACKER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680603",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d3b04563-17c6-4b54-bb6e-cd6bf89ecb5b",
            "value": "bd3035c7fe00b7e61aeddd20271c73cc1fd85c0f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WMIHACKER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680604",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e3681c6-c332-49d4-94fc-433d1f3ae545",
            "value": "131bacdddd51f0d5d869b63912606719cd8f7a8f5b5f4237cbdb5c2e22e2cba2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680603",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "202567db-d92f-4939-8c8c-f5a5dc5bd656",
            "value": "768:lSwW2ECJWcuVEWn50JjgJNE+9WI9ixto2j2hWFLZ9+2l3IWi5eXN55cDXh1108Fn:lSwW2ECJWcUJNUxW2j4WFLZ9+2l3IWiT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680603",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d256ffb-b93f-4853-940c-b53b7279f6ea",
            "value": "28871"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680603",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6e457ec2-e21e-4176-8dfb-f840ef8bfb03",
            "value": "fb8b27d1845829d82003d3ecb0d6d06c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680603",
            "to_ids": true,
            "type": "filename",
            "uuid": "188412bb-4874-4fbf-ab83-951261b71784",
            "value": "WMIHACKER_0.6.vbs"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680810",
            "to_ids": false,
            "type": "text",
            "uuid": "f7f79c6c-0c33-42f1-bf34-5e2b67880569",
            "value": "WMIHACKER\r\nType Description: VBA\r\nMicrosoft: None\r\nVT Total Detection:23/61\r\nFirst Submission:2023-01-18T08:35:32.000000+00:00\r\nLast Submission:2025-01-24T00:43:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2021-01-18T04:18:40+00:00",
        "last_seen": "2023-11-20T15:08:05+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981637",
        "uuid": "478a2e85-c385-42b8-9039-d3cf76586d3f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SIMPOBOXSPY",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981637",
            "to_ids": true,
            "type": "md5",
            "uuid": "fdd0ca22-4d57-43f6-a2af-3876c487a3fa",
            "value": "bebbeba37667453003d2372103c45bbf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SIMPOBOXSPY",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680625",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f5e3286-7a85-4f57-be24-9f988387e8d5",
            "value": "34894d5ffa541ab159b69a2fe0937a5430dac545",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SIMPOBOXSPY",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680625",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9764f4ed-7bad-47f7-bcc7-92dcf36e2ee4",
            "value": "1ab42121bb45028a17a3438b65a3634adb7d673a4e1291efeabf227a4e016cfb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680624",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b5ee0202-3abf-40ec-a9ba-89b8610e8056",
            "value": "1536:2mL9NKuJbBehqzFiWdAHCuYUx+4Hrci6UVKsWjcda6/j:2q8GFiSAHCu/6qV//"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680624",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c9e0cf17-93ba-4fec-ac81-b2445a47160a",
            "value": "97280"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680624",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e0a0cf89-05cf-483d-b38f-6311bd1c2861",
            "value": "094056651d15556az45!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680624",
            "to_ids": true,
            "type": "filename",
            "uuid": "3fa9c0c0-a099-4246-af13-59ca2f134262",
            "value": "bebbeba37667453003d2372103c45bbf.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680681",
            "to_ids": false,
            "type": "text",
            "uuid": "73b97410-9acc-467b-898b-084e60c17d9d",
            "value": "SIMPOBOXSPY\r\nType Description: Win32 EXE\r\nMicrosoft: Trojan:Win32/Casdet!rfn\r\nVT Total Detection:50/72\r\nFirst Submission:2021-01-18T04:18:40.000000+00:00\r\nLast Submission:2023-11-20T15:08:05.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710407",
        "uuid": "24f1d146-f591-4a31-99b7-9d3077624864",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710407",
            "to_ids": true,
            "type": "md5",
            "uuid": "2a3cd015-c18f-4287-8fa1-d911fe1e712d",
            "value": "e00ded614b884035245c26c81e971736",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680646",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5b1680f9-93a2-4156-8b36-5b4636544565",
            "value": "9ad3ecabcba8ac55e6157b0e805b11e916c16d8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680646",
            "to_ids": true,
            "type": "sha256",
            "uuid": "df4d97c8-0023-4631-a27e-9cea0eeab4d0",
            "value": "1c350d09c1cd545d54c38cd03aba3fd4eb0e8d97a3ba6c3744cc33ed92cb9a48",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680646",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "24a4d7e0-36ef-49cf-a1db-889332163a5c",
            "value": "12288:j0bOaCkovCK5fx8mGMI0bd01SRwQWGf6U:Ab+aK76M5d01SR5Pf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680646",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e0647714-49fc-4c95-969c-498b148516f7",
            "value": "480256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680646",
            "to_ids": true,
            "type": "vhash",
            "uuid": "40348c42-e244-46a0-b12f-a5b9ba33e86e",
            "value": "145066655d1555755az48jz1iz1"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680646",
            "to_ids": false,
            "type": "text",
            "uuid": "6e0f0931-243a-4d67-876f-a11866f7bdfb",
            "value": "DUNLOADER\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/CobaltStrikeBeacon!rfn\nVT Total Detection:48/72\nFirst Submission:2024-10-28T16:10:37.000000+00:00\nLast Submission:2024-10-28T18:07:20.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2023-09-18T07:24:44+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710429",
        "uuid": "1ea9323c-2b0c-4459-bb96-4c2628ac154d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710429",
            "to_ids": true,
            "type": "md5",
            "uuid": "2d794868-96c9-49ce-9649-9bd36989181e",
            "value": "066729fdf942acf829bb00c82d0d98e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680668",
            "to_ids": true,
            "type": "sha1",
            "uuid": "14f04efe-4c97-4fdb-871d-620ee40e5975",
            "value": "c4e8d3c5c18c5be05988d144ce5edbab5c50951d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680668",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c192d1f8-28b7-4254-98a7-9b12b4db42ba",
            "value": "1e48967e24d4ae2ac2697ef09c0f2702285825831bd516cb3be8859496fd296f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680667",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b49ea2ba-c0ed-4244-ad42-6041ccfcf203",
            "value": "3072:5UdPyHKNjTqa+w7/gk9bfocoA39CIRwN3ZLtuQVvm9OVGNCg9C:OdPn5TqaZ4k9bwcv0Iy5hcJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680667",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dbdaba1e-12f1-48c9-874e-af4e512328b1",
            "value": "255488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680667",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8318e653-27ad-447d-8be0-7e5cdeb67837",
            "value": "125066655d1555155az46jz1iz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680667",
            "to_ids": true,
            "type": "filename",
            "uuid": "f76d9a86-4104-4e88-9d09-0cfcfb4966a1",
            "value": "waksv.Vdll"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680730",
            "to_ids": false,
            "type": "text",
            "uuid": "168dc7f0-ee43-4387-b1cb-73f212bfaaa2",
            "value": "DUNLOADER\r\nType Description: Win32 DLL\r\nMicrosoft: Trojan:Win32/Wacatac.B!ml\r\nVT Total Detection:47/72\r\nFirst Submission:2023-09-18T07:24:44.000000+00:00\r\nLast Submission:2023-09-20T09:33:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2024-11-13T01:24:22+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710451",
        "uuid": "201da52d-7192-4d95-9ad4-a5ac8faf6671",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "KRNRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710451",
            "to_ids": true,
            "type": "md5",
            "uuid": "dcf14e98-e0e3-48c2-8d43-e3aa57e1c9a9",
            "value": "934dd0d8b41d3fbd2d0b53df1d3fd0b9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KRNRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681331",
            "to_ids": true,
            "type": "sha1",
            "uuid": "14180c6d-e7fe-405e-90ae-dc80cf71323d",
            "value": "5582b3da785e8d24c3dcf64fe7b28218045dbfeb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "KRNRAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681331",
            "to_ids": true,
            "type": "sha256",
            "uuid": "51ae5a48-c635-4fbe-806d-4dadeeaecd1f",
            "value": "2c9b8e4852181d51ff72dc6dec78bef014db8af83d30c05c3e9c5eb060278730",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680731",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "30075bf2-d5e9-46e6-bc7e-c9c53d71da66",
            "value": "3072:HjdlFoSHsNlpJNDcpnnkFo2iAW+wncl2+WAdT4:Hjd0SHopJND8kNZ9lVT4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680731",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "849286c4-2be6-4743-98d2-84feb2c7af3d",
            "value": "132816"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680731",
            "to_ids": true,
            "type": "filename",
            "uuid": "33dd97c0-3cb3-43d9-a264-718613b9c61a",
            "value": "SmartFilter.dat"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680773",
            "to_ids": false,
            "type": "text",
            "uuid": "85262615-b9c1-4ed2-a0c2-7138ef17785b",
            "value": "KRNRAT\r\nType Description: unknown\r\nMicrosoft: None\r\nVT Total Detection:2/61\r\nFirst Submission:2024-11-13T01:24:22.000000+00:00\r\nLast Submission:2024-11-13T01:24:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2023-08-14T06:31:46+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710472",
        "uuid": "ee02433c-aa9f-49cb-80c9-6cdf6e905f2a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710472",
            "to_ids": true,
            "type": "md5",
            "uuid": "31839682-72f2-4d70-a68a-bf78163318e5",
            "value": "78928b2767d6117c9263f7607b8e14cf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680753",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6f685010-eb47-4436-a8bc-0861e283c330",
            "value": "7e62ee9920d395a513aa4b112ecb22f7b5803be7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680753",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0ceeafe1-34e8-44c2-a5c2-b370bcafc543",
            "value": "2e87615142170a7510e26f94790bfb81df4d499a9f530d0bd8fe0fb1575b17f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680752",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "46349d6b-a7e7-4d39-be24-b5bc34be303f",
            "value": "3072:FHwbFSoJtcLEQ70RRIsK+vU53z6f/qUG0iwYjyeqj4q:h2F5ncoQ8IMUj6fRXZ4q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680752",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "738dbc06-ba3e-484e-bed2-dbf26e43be37",
            "value": "148480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680752",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c3768008-7b41-4e2c-866b-4e2c1641bef6",
            "value": "015056651d15551az4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680752",
            "to_ids": true,
            "type": "filename",
            "uuid": "9e483d11-b052-446d-a1d5-591602d1d15a",
            "value": "ShellcodeLoader.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680937",
            "to_ids": false,
            "type": "text",
            "uuid": "5a4420ad-a0fe-432b-a7e6-6258dcce444a",
            "value": "TESDAT\r\nType Description: Win32 EXE\r\nMicrosoft: None\r\nVT Total Detection:15/72\r\nFirst Submission:2023-08-14T06:31:46.000000+00:00\r\nLast Submission:2023-08-14T08:03:19.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2025-04-10T08:16:00+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710494",
        "uuid": "c5099075-e345-413a-91d4-e994242368c2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710494",
            "to_ids": true,
            "type": "md5",
            "uuid": "71b18013-6c73-4520-a6b1-71115d4232a6",
            "value": "57f4053f5d673cd7b6e7fe4dd33606ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680774",
            "to_ids": true,
            "type": "sha1",
            "uuid": "036b8bac-727b-4f98-85f0-8e5149596021",
            "value": "a40a3a6b5073d24f708295f3c43edd8e4e774c06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680774",
            "to_ids": true,
            "type": "sha256",
            "uuid": "030b597e-b143-42b7-b124-9d1c8b65245b",
            "value": "34366323262346e10d8780bad9d30c6d4d747e4ec543243be76f33b7c028ea36",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680774",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7a3121fa-d77a-48ad-a1ab-a4aa36d5b392",
            "value": "1536:f5WSo/wdNj+egyJMwhJzF+v7vUaGXtnOSBF5JNVM85wsW+FcdBdBFSZj:fUSnNjrgyXMjsXJnM8MBdBFSZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680774",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7d806e32-0b75-4e83-be57-0e89d542f27b",
            "value": "81408"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680774",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9e795768-9a6b-4272-b723-28f79865f5ff",
            "value": "184056655d15156az4a?z1"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745680898",
            "to_ids": false,
            "type": "text",
            "uuid": "5390a605-55c7-43d2-9101-64f2114d6b4a",
            "value": "TESDAT\r\nType Description: Win32 DLL\r\nMicrosoft: Trojan:Win32/Wacatac.B!ml\r\nVT Total Detection:43/72\r\nFirst Submission:2025-04-10T08:16:00.000000+00:00\r\nLast Submission:2025-04-10T08:16:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "first_seen": "2023-09-06T07:52:07+00:00",
        "last_seen": "2023-09-06T07:52:07+00:00",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710515",
        "uuid": "88323950-54a2-460f-8f0a-d4d0742b07d5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710515",
            "to_ids": true,
            "type": "md5",
            "uuid": "b2628808-79bb-4659-8949-0a8e6e5d4810",
            "value": "bc854390140aa80a363ff0c051a1a7bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745680859",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fbe84900-21c0-489f-905e-009b3b02d02f",
            "value": "3b6c7916aeae21628397b59de742a621026df6b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745680859",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d1145a8f-c42e-4d0f-81df-cca51e3a9dc0",
            "value": "4198b4ec5bb0c72112e9cf835686c33b9a97037acfb7727e494046a73106e938",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745680858",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a810e204-0fc7-49e0-a1e2-b9fac14209da",
            "value": "768:u+coGUKDsSLqqC2WkiK8+eahodS4A6JJKYPw5:XcoGUNSDHsdS4AOJg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745680858",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8ac2f3e5-297a-4adf-844d-932ea1954b8c",
            "value": "37584"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745680858",
            "to_ids": true,
            "type": "vhash",
            "uuid": "884f6fc7-49a2-4cbd-8627-c751d1fe6686",
            "value": "034066651d7516551iz2cxz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745680858",
            "to_ids": true,
            "type": "filename",
            "uuid": "9b8ae0da-1498-4083-a739-eb0e7390c825",
            "value": "ProxifierDrv.sys (PEJFM-PC016)"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\r\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681029",
            "to_ids": false,
            "type": "text",
            "uuid": "64b906bd-c70f-446b-8374-92dffd7c140a",
            "value": "MORIYA\r\nType Description: Win32 EXE\r\nMicrosoft: Trojan:Win32/Wacatac.B!ml\r\nVT Total Detection:26/72\r\nFirst Submission:2023-09-06T07:52:07.000000+00:00\r\nLast Submission:2023-09-06T07:52:07.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710537",
        "uuid": "f24c5bda-68b8-4eb5-a770-46cd210260b5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "NBTSCAN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710537",
            "to_ids": true,
            "type": "md5",
            "uuid": "ccba0a16-ba4b-4cb1-8fba-2cf7d2288c70",
            "value": "67165600be58fc451de2059d1d754353",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NBTSCAN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681006",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba76c9e2-0ab4-447b-8301-aea2945e29d2",
            "value": "136076ee6164f20feb4bb322fe0656bc755ebdaf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "NBTSCAN",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681007",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ee0ce9b2-04e8-430d-bd61-499f6ce9485b",
            "value": "66edb72f6f7c8cad23c6659a81fa023f57c1a86c7d7b7022f1453b177f2b3670",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681006",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9f75153f-554b-44c0-a063-aa9560b21d25",
            "value": "192:Q73RoaUhZ8gCyqpY7EegIXVyn6yS5F80tMg0DC5cYzsb7fFytH8zu2Ds:Q73RNUEtpY7WF8IIMg0G5Awco"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681006",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5c8f3da2-325f-448f-a1eb-5641125ef7fa",
            "value": "12800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681006",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e9c06b38-20cc-4bea-9ad7-6d2e9303e5a9",
            "value": "01403e0f7d1bz401=z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681006",
            "to_ids": true,
            "type": "filename",
            "uuid": "54ec0964-9446-4e6c-a159-447f1026ac17",
            "value": "nbtscan.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681006",
            "to_ids": false,
            "type": "text",
            "uuid": "5203fef5-4122-4091-b3ab-22f8879e80a0",
            "value": "NBTSCAN\r\nType Description: Win32 EXE\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:40/72\nFirst Submission:2020-08-05T09:55:22.000000+00:00\nLast Submission:2022-10-26T11:52:58.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710558",
        "uuid": "c29b7dc6-5ce7-45d8-85d8-7abedc55e247",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ICMPINGER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710558",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f82a338-9930-463c-8212-817fa7c454e4",
            "value": "1f276e6545d92a0607dee715b594ef8d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ICMPINGER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681134",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ec3f6110-d6fb-4bf1-96f5-8ce39db9aad6",
            "value": "720d744310bede34a011205006e03be4b9d491cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ICMPINGER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681134",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7291042-8429-4ca0-af88-03627afad595",
            "value": "8414136128f73fa7e29032df7b8115bc89832c57e2602d81de1e520cc2d7958d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681134",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3a44b27-40fb-4309-9c76-675ed4151e2f",
            "value": "1536:83E+mzjpiJc2WGL5NpeH4v711ncGNOALcvTnfNsWjcdJnsi+:GmHYm2plyYJHN+bfyVs"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681134",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a99294ba-7c43-4168-94d5-842ccb037865",
            "value": "92672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681134",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d750489b-79f8-482a-8b06-a4830f71acdf",
            "value": "094056655d15556az45vz47z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681134",
            "to_ids": true,
            "type": "filename",
            "uuid": "68520271-324f-47cb-8ab9-644bb0e4954b",
            "value": "sc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681134",
            "to_ids": false,
            "type": "text",
            "uuid": "d7209c11-da73-4416-9e0a-8e2c73e3ec8d",
            "value": "ICMPINGER\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:7/72\nFirst Submission:2021-08-09T05:04:16.000000+00:00\nLast Submission:2023-09-21T03:28:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710579",
        "uuid": "86757ac2-fc73-4da5-96b0-1d67a7c4a503",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710579",
            "to_ids": true,
            "type": "md5",
            "uuid": "3f5a1cf4-04fd-4cd7-9a4c-2355ca96e6c1",
            "value": "dbd7194fc85fcb8b1c7f265ee82619bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681197",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3fb4076c-5157-423a-940e-90cbf17d75e6",
            "value": "205ed479eda3e605985c5d7bd1ace5ee5d1141d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681197",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1382ec4b-edc0-4507-9c64-9d57ffad2b3d",
            "value": "8c703148567cb66fe27bc07d18de58aa36aa84a49f1ce7545e9ec56378857d3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681197",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5243de08-1b12-432f-87c1-910be00054ca",
            "value": "3072:4jNtZ+FR2pG7h2kT0jlW/VqOUxIl663VCXol:oZaZ+lIldl"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681197",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "56ebcf16-f8df-4584-902f-3b0981ac9a95",
            "value": "204800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681197",
            "to_ids": true,
            "type": "vhash",
            "uuid": "49d6942e-ce77-414d-a81c-fb07644a85a2",
            "value": "025056655d151560c8z4anz2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681197",
            "to_ids": true,
            "type": "filename",
            "uuid": "7ed9ac93-c3b1-403e-bafd-c4648cfc3dc8",
            "value": "Viper.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681197",
            "to_ids": false,
            "type": "text",
            "uuid": "07f24508-21f7-4954-b1ae-b201f758a382",
            "value": "TESDAT\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:38/72\nFirst Submission:2024-03-20T13:51:02.000000+00:00\nLast Submission:2024-03-20T13:51:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710600",
        "uuid": "d0f8ba3c-8265-4e6d-8c6b-d4876783abba",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710600",
            "to_ids": true,
            "type": "md5",
            "uuid": "fb294e9f-627b-4bee-950c-ace9792d0587",
            "value": "617ea77bf8f26f79df8dc7d7542fd517",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681302",
            "to_ids": true,
            "type": "sha1",
            "uuid": "770cd85e-228c-4ff8-8523-0c8981f32d2c",
            "value": "ebb90582a0589d355c7c770fb8a1235050b7344a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681302",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b49e3669-4fe8-47a3-b6dd-b0cb1ad34b7e",
            "value": "aa925a5a8a7d5b36a66431f4968bd1003d1bbb6cb3ff6d03d9e3e0143c48382b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681302",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "98e3803d-9f17-4560-8787-a68a5ccf3241",
            "value": "3072:EU9finqNjTqa+w7/gk9bfocoA39CIRwN3ZLtuQVvmtOVGNCg9C:39fH5TqaZ4k9bwcv0Iy5ZcJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681302",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca227ac4-10f6-4081-b3c9-9d130bf6c90f",
            "value": "255488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681302",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f0284832-ac42-466c-bc5f-627af781d9e3",
            "value": "125066655d1555155az46jz1iz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681302",
            "to_ids": true,
            "type": "filename",
            "uuid": "91e0bcf7-2b7f-4e64-99c2-e991dfd23879",
            "value": "output.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681302",
            "to_ids": false,
            "type": "text",
            "uuid": "ce2e4e3b-f174-423a-b1be-16ce77898449",
            "value": "DUNLOADER\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Cobaltstrike.EN!MTB\nVT Total Detection:48/72\nFirst Submission:2023-08-01T09:23:31.000000+00:00\nLast Submission:2023-08-05T11:34:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710622",
        "uuid": "715a5eb7-2954-47b2-8c6c-a08a63b7981a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710622",
            "to_ids": true,
            "type": "md5",
            "uuid": "9b52ae09-32ef-494d-8bbc-926d50034117",
            "value": "60554308955996496aa1e7c4e4399816",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681344",
            "to_ids": true,
            "type": "sha1",
            "uuid": "300b77f0-6c5f-4cbe-8c17-7a35adac6ed0",
            "value": "49b5260daa9a920537fb240363e85d49719d6fd4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681345",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e757a96-8f04-47bd-84a3-b6f085f5bb9c",
            "value": "b26e8e0be066ee0b86f8fb2b0a703717ebbf34c8a33ef9a6f8f164ad012f1746",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681344",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e685fb1b-a717-4440-b4df-70e10810a1d4",
            "value": "196608:xmXCkL+e1QweUVLeHnY7/sLoCEbPyrU0/TQ7uVqMuftY0IWoT:mXyusLo1DMUP7+ulY0IWo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681344",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f87729eb-348b-4a31-b65e-8359e89024cd",
            "value": "10404802"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681344",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c240f77f-2e50-4bd8-bc2b-533a30ebae74",
            "value": "017076655d155515755048z64!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681344",
            "to_ids": true,
            "type": "filename",
            "uuid": "c38d004f-021e-4cec-954e-f37b73c0105e",
            "value": "60554308955996496aa1e7c4e4399816.virus"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681344",
            "to_ids": false,
            "type": "text",
            "uuid": "22967773-e7bb-4809-bead-76768b75c153",
            "value": "LADON\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:36/72\nFirst Submission:2024-01-06T22:21:30.000000+00:00\nLast Submission:2024-01-06T22:21:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710643",
        "uuid": "4fd61e6a-5f2b-4ff6-9bf5-3726a4318a4d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710643",
            "to_ids": true,
            "type": "md5",
            "uuid": "0bea9837-2688-44f6-9859-698afba9371f",
            "value": "199f5ae7304df2ad471b800af76da1ba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681366",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6ac1b9a9-2702-4cea-8e5a-034d0caa4152",
            "value": "f3387205f3404481db75149e839df8d3e215bd0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681366",
            "to_ids": true,
            "type": "sha256",
            "uuid": "37ce0f50-187f-4da7-9d7b-ea9c8a822dfb",
            "value": "c0326a0cd6137514ee14b6ac3be7461e8cf6c6adec74d087fd30cb06b91ecda2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681365",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aa5bd8f3-6159-41e4-9c38-fb3f4cfbb519",
            "value": "3072:PiGzjVE00w3s5nT9kJ5iXAjtCJ0Xm0v4yOtkX:Pi0jVtc5T94MAjcQ8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681365",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5723fc91-ef0c-41f1-89a9-3e8d257249a2",
            "value": "142848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681365",
            "to_ids": true,
            "type": "vhash",
            "uuid": "05ad3ccd-09f7-41ca-b76e-566bc6ec5fbc",
            "value": "015056651d15551az4a!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681365",
            "to_ids": true,
            "type": "filename",
            "uuid": "dca732eb-04da-45dc-be9c-336fad07f526",
            "value": "123.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681365",
            "to_ids": false,
            "type": "text",
            "uuid": "123e2ba7-b28e-416b-a59f-dcbf148c6886",
            "value": "TESDAT\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:32/72\nFirst Submission:2023-08-14T06:34:31.000000+00:00\nLast Submission:2023-08-14T07:56:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710664",
        "uuid": "9eab23c4-0451-40ef-b5c1-4df040e56192",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710664",
            "to_ids": true,
            "type": "md5",
            "uuid": "364aac84-117b-465f-a29c-0b98279b1184",
            "value": "fdee6c0e96764496c63f1a0929a7d160",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681387",
            "to_ids": true,
            "type": "sha1",
            "uuid": "860f04d8-6e44-4b20-9b4a-88097de86a3e",
            "value": "2469102c7c83e5af44e413a20409880b43184ac5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681387",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b1e0e6ea-8a68-46cd-9be2-614ed2f0cdf4",
            "value": "c6f73268eba553c7991f876a166440f5b4d519dea6b13bc90583fde1e89e81ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681387",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "37c4ab7e-ef35-4f82-bd87-20b7b83d6a97",
            "value": "49152:xGTNKJYZV2MAqMsIU49uyxL1Tc6rOpoCTw/Tp27/l97coO00nCcMml/Imsv5IGPx:xmIM2MBMsFAlTcTwkH7cvtR54GG3Yq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681387",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0849d92d-1933-4d0f-a3b9-fb095f0471b9",
            "value": "3611648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681387",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ec368cdc-8426-4965-8cb9-adccb80b2abd",
            "value": "03603e0f7d1bz4!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681387",
            "to_ids": true,
            "type": "filename",
            "uuid": "dfef90a1-7087-4dfb-9daf-ccd8ab763f02",
            "value": "NEAS.fdee6c0e96764496c63f1a0929a7d160.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681387",
            "to_ids": false,
            "type": "text",
            "uuid": "12061f1d-7e28-4c3b-b150-5c62976f0be7",
            "value": "FRPC\r\nType Description: Win32 EXE\nMicrosoft: PUA:Win32/FRProxy\nVT Total Detection:43/72\nFirst Submission:2023-11-06T02:48:44.000000+00:00\nLast Submission:2023-11-19T23:17:48.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710685",
        "uuid": "bdd0671e-0e61-4205-8451-b24cb6f4c7ad",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710685",
            "to_ids": true,
            "type": "md5",
            "uuid": "349236ad-a5d7-4610-a17d-d2c55303dc8e",
            "value": "e7c16833d3b78d4fcdaf651ecb8b67e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681408",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e8db6fc4-c5cd-4fa8-bab7-515484d97012",
            "value": "f7cbdb5136f7560628af3632accfbe9223351200",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "TESDAT",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681408",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15a27db6-f4ef-4be1-a3a8-c17e26cf2640",
            "value": "d3d2355b1ffb3f6f4ba493000e135dfd1b28156672e17f0b34dfc90cc3add352",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681408",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f92da0b5-8e65-464a-a1b2-814967126398",
            "value": "3072:ZU0DiZVPGr+R3m4tiSJbgakhc0Xm0voyfwRLj:ZUuiZ4yRW4AQgaGz0RL"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681408",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0248c00c-1d60-45bf-aa14-c1264e91d01a",
            "value": "142336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681408",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fecf34de-e393-4a73-b392-9cb27e524d93",
            "value": "015056651d15551az49!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681408",
            "to_ids": true,
            "type": "filename",
            "uuid": "622a67a6-45e5-4abf-addb-d76f0c2b4a00",
            "value": "sada.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681408",
            "to_ids": false,
            "type": "text",
            "uuid": "c25852dc-088f-41b5-b167-d75e3661d4e2",
            "value": "TESDAT\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:17/72\nFirst Submission:2023-08-14T06:38:44.000000+00:00\nLast Submission:2023-08-14T06:38:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710707",
        "uuid": "bfd8d256-41a1-4f7d-852a-5becc5e625bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710707",
            "to_ids": true,
            "type": "md5",
            "uuid": "25bb81e8-ba82-416d-a077-5045a9696637",
            "value": "b1fbdcf9057825ee2fe726798d376e5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681429",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3ff50eb7-fd80-4192-a08f-5b68951c6e50",
            "value": "cde8543c1b11cd4741d7a93faa663416666e1226",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DUNLOADER",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681430",
            "to_ids": true,
            "type": "sha256",
            "uuid": "80d82dcc-b2a1-4a68-9016-76cd1e790615",
            "value": "e143c15eaa0b3faccc93ce3693960323dbaa683ac9ce30382e876690278dfefa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681429",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3bb81797-9e1b-47b4-b6cd-f9ee7cff2edb",
            "value": "3072:tUV3GJtNdTqa+w7/gk9bfocoA39CIRwN3ZLtuQVvm5OVGNCg9C:6V3OHTqaZ4k9bwcv0Iy5NcJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681429",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "053faad3-2c0c-4b48-a642-2fc2d8bbb3fb",
            "value": "255488"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681429",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ef3c0716-cd90-4761-9a96-386aaaff2622",
            "value": "125066655d1555155az46jz1iz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681429",
            "to_ids": true,
            "type": "filename",
            "uuid": "13089a34-e876-4f4e-b034-bd74f37d7e61",
            "value": "djobject.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681429",
            "to_ids": false,
            "type": "text",
            "uuid": "e2042909-0ce3-4dc4-8e7d-e3e670304d89",
            "value": "DUNLOADER\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:47/72\nFirst Submission:2023-08-18T08:30:02.000000+00:00\nLast Submission:2023-08-18T08:30:02.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710728",
        "uuid": "4add441a-106f-41f7-b04a-9e32f7c4e2bb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710728",
            "to_ids": true,
            "type": "md5",
            "uuid": "8b1bb26f-f279-4fb8-b512-a4d65e0b14d5",
            "value": "8aa37b228a76dca1f3e02297d9bd6d52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681451",
            "to_ids": true,
            "type": "sha1",
            "uuid": "00e44b8c-567e-4fd3-9479-1c3f7bf8647d",
            "value": "5f6bcdb04184091c9bc198c175af394cb4303512",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MORIYA",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681451",
            "to_ids": true,
            "type": "sha256",
            "uuid": "82654bea-d5de-4917-93ab-9ac78d01d53f",
            "value": "ec9220cf8208a3105022b47861d4e200672846ef484c1ea481c5cfd617cb18dc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681450",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "40afa86f-1a8f-4453-9bf1-a89193ede4a5",
            "value": "384:bfmGwnrQwqw5wluN4RoqRoyJ3kY9A8aFNKFIjH6ClipAOsfuh5PvDe37usOo8Vdm:j+coGUKB9G6Ija6iOOsceahodS4AtnY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681450",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dd9f6ad7-7ba3-492a-a7a5-b03bb64195dd",
            "value": "37896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681450",
            "to_ids": true,
            "type": "vhash",
            "uuid": "54271534-796f-4596-bec9-60fb2be9fd4d",
            "value": "034066551d7516551iz2dxz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681450",
            "to_ids": true,
            "type": "filename",
            "uuid": "b1fcb237-27df-4e34-9e61-84848bb906fc",
            "value": "ProxifierDrv.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  26/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681450",
            "to_ids": false,
            "type": "text",
            "uuid": "c3e910d9-1506-47a3-b52b-5e4e87024f01",
            "value": "MORIYA\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:8/72\nFirst Submission:2023-09-20T07:31:14.000000+00:00\nLast Submission:2023-09-20T08:00:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710750",
        "uuid": "c0e2587d-a0ce-4b74-bd62-4edab14b9ee8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710750",
            "to_ids": true,
            "type": "md5",
            "uuid": "6da70c70-18d9-43a6-960c-be5ab049ddd1",
            "value": "705ccaefbc25b5de7fe861ea1e9a7238",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681472",
            "to_ids": true,
            "type": "sha1",
            "uuid": "51d43a1d-5f1b-4a96-8626-5a89680c9884",
            "value": "e3a5d17b32edecb8dca3783a5193e1289ef13252",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "LADON",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681472",
            "to_ids": true,
            "type": "sha256",
            "uuid": "70db0e61-70fe-4c20-98cb-8352b541d58a",
            "value": "f3916c414db0f660d488c9d3aaa8355f3eb036ca27a9c606fe7e5e1a9bd42b38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681471",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d6ceac21-8cc1-4965-b7f3-22779d87517c",
            "value": "196608:xNtTat9onJ5hrZERVM+ENFJzFcguxoIWtA7cQEag9le:5i9c5hlERVMRFJzFcguxoBtA7Ql"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681471",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "349908d8-9886-44bc-b7aa-e0321fb08cb5",
            "value": "7842097"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681471",
            "to_ids": true,
            "type": "vhash",
            "uuid": "35d0e465-8991-41b4-98eb-764898a068d3",
            "value": "076076655d155515755048z64!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681472",
            "to_ids": true,
            "type": "filename",
            "uuid": "7cd25ec2-5e4b-413e-b2a1-c25235a9ce70",
            "value": "Info.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681472",
            "to_ids": false,
            "type": "text",
            "uuid": "497386e1-98c8-4c00-85d5-0f2d390994c2",
            "value": "LADON\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:25/72\nFirst Submission:2023-08-01T09:46:16.000000+00:00\nLast Submission:2023-08-01T09:46:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1745710772",
        "uuid": "b471934f-db0b-4645-9aeb-c2b68042676b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1745710772",
            "to_ids": true,
            "type": "md5",
            "uuid": "fb6a69a8-d231-4480-92d8-9dfaa0f77e9a",
            "value": "332049620b2946f03c70c4720a249fb6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1745681514",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c2f09e4-a56a-4b70-baf8-d9124e93645d",
            "value": "e943ea26f16ded692b4f7b588fe0042d154615f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "FRPC",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1745681514",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2aaaefeb-cf2b-4e4f-9e47-45817eec0ceb",
            "value": "f9892636093266a01ed6f0486c00189d2eeb532a3086660490f4efeb6d026487",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1745681514",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b3ef4735-926e-40d3-80a1-479895d4db83",
            "value": "98304:YLG43fDbyAfPFycIP5j8Cfcm0nEjEFNxu4IB0d0:YLG4LWAI8CrBjEH730"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1745681514",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1fa8cbb0-c963-4dc1-9bee-ca4ca328f709",
            "value": "12705792"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1745681514",
            "to_ids": true,
            "type": "vhash",
            "uuid": "75e5067f-6afe-42bd-94e7-532177332be7",
            "value": "017066655d5d15541az29!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1745681514",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c5f93de-b1a0-42cb-a170-1b93816d8144",
            "value": "WinUpdate.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 26/04/2025\nLast-scan\t:  25/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1745681514",
            "to_ids": false,
            "type": "text",
            "uuid": "d5f09cea-7c3d-43d1-97fd-e93e926411c1",
            "value": "FRPC\r\nType Description: Win32 EXE\nMicrosoft: None\nVT Total Detection:33/72\nFirst Submission:2023-08-01T09:24:35.000000+00:00\nLast Submission:2023-08-03T16:59:29.000000+00:00"
          }
        ]
      }
    ]
  }
}