{
  "Event": {
    "analysis": "1",
    "date": "2025-02-20",
    "extends_uuid": "",
    "info": "[Threat Intel] Updated Shadowpad Malware Leads to Ransomware Deployment",
    "protected": false,
    "publish_timestamp": "1780040378",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772902037",
    "uuid": "10c081ae-38e5-4278-bec4-54debb50add4",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#717bc3",
        "local": false,
        "name": "misp-galaxy:producer=\"Trend Micro\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#f28fb8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#81b347",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Access Software - T1219\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#682cad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#36a9d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"",
        "relationship_type": ""
      },
      {
        "colour": "#b24806",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Indicator Removal - T1070\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#70b0b5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"",
        "relationship_type": ""
      },
      {
        "colour": "#59699c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#a05856",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdd85e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
        "relationship_type": ""
      },
      {
        "colour": "#297c25",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"ShadowPad\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT41\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#15ccfd",
        "local": false,
        "name": "misp-galaxy:target-information=\"France\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cea11",
        "local": false,
        "name": "misp-galaxy:target-information=\"Italy\"",
        "relationship_type": ""
      },
      {
        "colour": "#4df024",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kazakhstan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#b03f2c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce98fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740151315",
        "to_ids": false,
        "type": "link",
        "uuid": "c5f360ab-bbcb-4590-a86f-7b315047529c",
        "value": "https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740151315",
        "to_ids": false,
        "type": "text",
        "uuid": "e1b400ab-b38a-447c-b2ae-d9aca36797b0",
        "value": "A recent investigation revealed Shadowpad malware being used to deploy a new ransomware family in Europe. The threat actor targeted 21 companies across 15 countries, primarily in the manufacturing sector. Access was gained through remote network attacks, exploiting weak passwords and bypassing multi-factor authentication. The Shadowpad malware showed enhancements in anti-debugging techniques and encryption methods. Unusually, a previously unreported ransomware was deployed in some cases, mimicking the appearance of Kodex Evil Extractor but with different functionality. The attackers also used tools like CQHashDumpv2 and Impacket for post-exploitation activities. While attribution remains uncertain, there are weak links to the Teleboyi threat actor."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740151315",
        "to_ids": false,
        "type": "text",
        "uuid": "041add51-8200-4d1a-b99f-2370976ccf09",
        "value": "Name: Updated Shadowpad Malware Leads to Ransomware Deployment\nAuthor: AlienVault\nAdversary: \nTags: [\"shadowpad\", \"ransomware\", \"dns over https\", \"multi-factor authentication bypass\", \"anti-debugging\", \"impacket\", \"remote network attacks\", \"intellectual property theft\", \"plugx\", \"manufacturing\", \"cqhashdumpv2\"]\nTgtd countries: []\nMlwr families: [\"ShadowPad - S0596\", \"POISONPLUG.SHADOW\", \"PlugX - S0013\", \"Thoper\", \"TVT\", \"DestroyRAT\", \"Sogu\", \"Kaba\", \"Korplug\"]\nAttack_ids: [\"T1003\", \"T1082\", \"T1219\", \"T1055\", \"T1021\", \"T1112\", \"T1016\", \"T1087\", \"T1070\", \"T1083\", \"T1057\", \"T1110\", \"T1078\", \"T1027\", \"T1486\", \"T1012\", \"T1485\", \"T1134\", \"T1490\"]\nIndustries: [\"Manufacturing\", \"Transportation\", \"Publishing\", \"Energy\", \"Pharmacy\", \"Banking\", \"Mining\", \"Education\", \"Entertainment\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222777",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f717da81-d13e-49a3-81b4-9f5425b326cd",
        "value": "updata.dsqurey.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222798",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a52eaf43-a9c7-4962-8a75-fecde123ce2e",
        "value": "time.dsqurey.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222819",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2383febd-0127-47cb-888c-5e6845e62290",
        "value": "dscriy.chtq.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222841",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7ab68b01-464d-4ea2-921d-dc8811df30fd",
        "value": "system.chtq.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222862",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e3a98cca-988b-43e0-82f5-14afc26b722c",
        "value": "updata.chtq.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222883",
        "to_ids": true,
        "type": "hostname",
        "uuid": "edf56095-9f9c-45f8-88aa-8ce0469fe39f",
        "value": "network.oossafe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222904",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4d594527-e8e2-482d-96cc-59348f835f71",
        "value": "notes.oossafe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222926",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a39a5771-e330-473d-bfb4-8b14ba5efad7",
        "value": "caba.superdasqe.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222947",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bdac2794-7fd8-4627-9fcc-52b1b4782f58",
        "value": "ccs.superdasqe.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222969",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3980b187-f7ed-42d8-b8ac-65ec335fbf95",
        "value": "czs.superdasqe.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740222990",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e039b598-ac19-46ad-85b6-73ed46e502dd",
        "value": "kzb.superdasqe.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221289",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f46b94f2-730a-4501-b0b9-b1c33d7117fe",
        "value": "8d44f2f442ca8f2fbbf75086a6f8d518c300ca93fe9957a9716076919b475865",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221291",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3db10c6a-b494-4f80-93a9-fdd8142684cd",
        "value": "83c1a668ab06f55e6879593ca24eed9f78832be97ac90bb74ef5828067f2d900",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221292",
        "to_ids": true,
        "type": "sha256",
        "uuid": "681bd8e1-e0e5-4b50-997f-aab0483f6f71",
        "value": "28e6362ecf033b2a26c7457dcbd7ad2ab34e253fb08666d39073391a1254ea41",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221294",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e53a2c74-527d-49e7-b09b-242fa1d80a5b",
        "value": "7416f6b69b34b3a36a86e50808e1dc47f4dc665bfd6f394cef65e0ba5eaf961b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221295",
        "to_ids": true,
        "type": "sha256",
        "uuid": "709467b7-8604-40c4-a048-033269418909",
        "value": "d74b6b2129936377aaccc619bcfd4df4ffbe2f35f960a4b043b23ae78a31ec35",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221297",
        "to_ids": true,
        "type": "sha256",
        "uuid": "50ab8877-c7f8-4bbf-a0ff-8ac3aa2edca5",
        "value": "366ea3377eaefa28b655b530710c03fb2ace67bb531b1820e916cb02023892ba",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221299",
        "to_ids": true,
        "type": "sha256",
        "uuid": "52cc65f6-b1cc-4e16-9255-c5799c907538",
        "value": "f8915c5be0649642dac22572355f1462972f5087471f66f6a243f2374b208eb8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221300",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cf88cae9-833f-41a8-9993-8f953df74e36",
        "value": "625ed0e0ad7d3fbf2738349c767a7990c9f0d388de66104e11df3e0c4632033c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221302",
        "to_ids": true,
        "type": "sha256",
        "uuid": "768a953f-aa33-4b7b-bdc5-c94818406882",
        "value": "431a630983cd327fc70ea49b3a5497a179dbde19d8f13d2cfceef4e47613024b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221303",
        "to_ids": true,
        "type": "sha256",
        "uuid": "16336a26-1627-45fd-a9e2-a6b213d8e577",
        "value": "e1d72b0cfc3342b8a6436e3047c3cc54246c346ac179e459d07620d192ba6e01",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221305",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a751aaba-1e79-4220-b7b0-b74eaaf5c5cf",
        "value": "fa7f2ddf91980d639a87465bd2a38eaa44d6079b11ace3b2b3dff03caed66de5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221307",
        "to_ids": true,
        "type": "sha256",
        "uuid": "afabeb26-e32f-430f-b75f-c38e54b857ca",
        "value": "b28bc39e569aa0cfe984c341830cb037c5305877ba22a940c3bdaeb43ca87878",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221308",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3695ffb7-c8a2-4196-8a2d-54620232d3b6",
        "value": "571607c7f55c3616e4c58db15e3d55317da10294dbc10e0cd1ed24879b8fc051",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221310",
        "to_ids": true,
        "type": "sha256",
        "uuid": "74713f3e-552e-49fc-a1bd-f4fb2cfcf381",
        "value": "bc5b2ef81593095696433877cccb0ab75ef942258ef4795de5538df842d952f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221312",
        "to_ids": true,
        "type": "sha256",
        "uuid": "120b4562-7d04-4d2b-9198-56f1f8516ad3",
        "value": "fa3a3351cd55089d40a7311e4bfaf15e4247416f78383d94ad58809467429b3e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shadowpad loaders. No sample in VT.\r\nLast check: 22/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740221313",
        "to_ids": true,
        "type": "sha256",
        "uuid": "571e983e-dfd0-44a2-b3ad-f60208ae6000",
        "value": "2df4c7bfa608ca88d9d659358894226910850ac0d7e566c6c10ec2727361d47b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223011",
        "uuid": "79eb63d0-25aa-46e9-90f5-e9aed5b98cbf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223011",
            "to_ids": true,
            "type": "md5",
            "uuid": "5ac3cdd5-cc7e-4770-a94a-6e94bc99566a",
            "value": "034127c03e43b5b356f21fc6e595b302",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221255",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7dbf5cd8-0af2-4798-9fbf-5dd659f0b02f",
            "value": "b3fabe5f68fac8a5de0f42514e0129b42ae425ce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221256",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e7c1b97-bd50-496c-a9b0-b46b1e9f04ee",
            "value": "c19be7a006bd2ba8deb56dcc6127a76f9624c6f1392a1794870dbed6f1a81bd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220043",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d363ac75-7bd3-4976-adff-7485cf3add46",
            "value": "3072:5rTFf93rZ3yiR0nL2GkVzmJI9++c3hjH4FuEp:ZTF93rZykMLkVqJI9Dc3Kh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220043",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "04a8732b-31b2-48d3-8f14-ae06f1dcf43c",
            "value": "104448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220043",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cab50078-5e5d-4bb1-aed6-38c5b1443ce9",
            "value": "115056655d15151az48!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220043",
            "to_ids": true,
            "type": "filename",
            "uuid": "04cd983f-7a7c-4879-a99d-0ed58e763553",
            "value": "_SentinelAgentCore.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220043",
            "to_ids": false,
            "type": "text",
            "uuid": "d5e4ec58-c10f-4db4-9f20-4a905c39c2f7",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:46/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223032",
        "uuid": "293ac3b5-ee32-424f-8224-bc1394a53fbd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223032",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e5afd2d-029e-4b95-b8b6-e333b32d1701",
            "value": "027c8a7c9d892efe2301444685352b9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221258",
            "to_ids": true,
            "type": "sha1",
            "uuid": "29d7a3ee-ab43-49b3-85f9-7fca83566828",
            "value": "4b259d4362aefd6565a7a6933e70e8800d9eec19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221258",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a03567c1-95d5-4485-a746-e91dd2653fcc",
            "value": "c4db25ab55af2e943a297a5ecf7a62acc3ad8897ec8ba4ab3226a138da237b82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220066",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bede9521-5090-47a2-aef0-328235e5fc87",
            "value": "3072:sggvlTKLAyTvBbTRfMqAqTP9kMUeAhdoi0FtrN7D:LgvlTmAyTvBXRMFqy/Utx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220066",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1fb58992-8ec1-4753-8e1b-aeb96dd20f61",
            "value": "118272"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220066",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0f019dcf-389b-4645-8855-9907ada74ad9",
            "value": "115056655d15551az4b!z"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220066",
            "to_ids": false,
            "type": "text",
            "uuid": "94e31677-59db-4107-ade8-f9d154cefbea",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:28/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223053",
        "uuid": "077243ee-bcb1-4c6f-8e98-2c012eb1f255",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223053",
            "to_ids": true,
            "type": "md5",
            "uuid": "73ff3e55-117d-42c5-b28a-0743989664b5",
            "value": "239b552695b6695e56ce51cbd5f0c7dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221260",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f02c51f5-6fcc-478e-aac7-26908635821e",
            "value": "b3221f3b46b8a76540694d85d135383a46d87987",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221261",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b092aa7b-191f-4592-9f43-69892ec6dd8a",
            "value": "bc490047fe6e0b0000c6cd147d3cf483105c92cf00450bfe35ac70f276a9e5c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220134",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "954440d9-c2cd-435f-9718-2edfc9295cf3",
            "value": "3072:1D/TKc8TG9v+yB7vhbCpP4llxlONmTh5nHtktxybr2FyxCFt7:pK5TUv+yxvhWOphh5NktxybKkg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220134",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a064a46-5e00-4c20-9c8a-4bb721816196",
            "value": "118784"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220134",
            "to_ids": true,
            "type": "vhash",
            "uuid": "378d8a6a-c0bc-4c04-a58e-acc22c597588",
            "value": "115056655d15551az48!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220134",
            "to_ids": true,
            "type": "filename",
            "uuid": "7b278fc7-b968-4064-a54e-ce6ff20efc34",
            "value": "logexts.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220134",
            "to_ids": false,
            "type": "text",
            "uuid": "1e00b7bd-2c2d-42e2-b9d0-89b7e4619bdb",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:41/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223075",
        "uuid": "05823119-87ea-41ec-a48d-b0032ea83293",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223075",
            "to_ids": true,
            "type": "md5",
            "uuid": "729b121e-a6f7-42d6-8059-d11505eb8e7b",
            "value": "4cada74f6530e3c21374f25a3617ad8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221263",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bf3fa2e1-59a2-4f50-a270-4401180b9d8e",
            "value": "14c8bb542f0e58db6787b7275c584e5ef2027874",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221264",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1a686b0b-86ea-4489-910a-623e363d929b",
            "value": "c5f8a256d0969e253633160b9728b6c2bc044f536e92af178a05a598aaa09c1f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220158",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "65d6f3ff-e5c8-4742-9470-dbbd63e84ca3",
            "value": "3072:Qp/Qm78TK9RyB7vhbRpkiRynT8G4mrm6SeBSK/jsf730X:Q2mAToRyxvhlKk2TCmi6JkK/BX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220158",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2f5bdcab-0000-4230-8330-d8da01edfb88",
            "value": "119296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220158",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c5f55d80-5e78-417d-96b8-7ca814cc2f1f",
            "value": "115056655d15551az4f!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220158",
            "to_ids": true,
            "type": "filename",
            "uuid": "be5c0d8c-1c19-4b00-a12e-56f5ffdbe825",
            "value": "logexts.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220158",
            "to_ids": false,
            "type": "text",
            "uuid": "47c70179-d263-44c4-9ec2-643eb0e7d9f4",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/DllHijack!rfn\nVT Total Detection:43/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223096",
        "uuid": "9495ea2f-87a1-4d6b-bfd1-77392f8742e3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223096",
            "to_ids": true,
            "type": "md5",
            "uuid": "c68d899e-06b5-4e1c-89ed-51401c188bbd",
            "value": "6bb2e0e349d477141dc382b68b64e351",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221266",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9d1ebe57-679e-48f6-8795-0e0a3d4bb8a4",
            "value": "b941e48fa3fe681e50e1b86e053a3ec0ce597ebb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221266",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8171d0ee-e747-482c-a07a-f1e0006cca9e",
            "value": "a2bb321d41b2300e80f9400950fa2125470d5b3927933ab4d6397f0cbf81532a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220182",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eeba492d-cf87-4244-a4cb-5a05d827086b",
            "value": "3072:0AVUTLtzyeeRXPt0RamhzMHJPqbaXUn2ZU7AkNn:ZVUTxzyeeRXV0EmhzCNbP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220182",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b01e1c54-5ca5-4ed5-803c-2a4a2c69f102",
            "value": "117760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220182",
            "to_ids": true,
            "type": "vhash",
            "uuid": "eb42584f-7dc6-4260-99a1-b9a527bdfddc",
            "value": "115056655d15551az4b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220182",
            "to_ids": true,
            "type": "filename",
            "uuid": "a1019ce3-7065-44a9-be8e-9d27324d6e51",
            "value": "logexts.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220182",
            "to_ids": false,
            "type": "text",
            "uuid": "929fd647-2548-47e6-9561-503985b6a0eb",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:31/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223117",
        "uuid": "b4fa3b29-9bd7-447e-a92e-dd1bc0e93bb4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223117",
            "to_ids": true,
            "type": "md5",
            "uuid": "470d3bc7-cc31-4556-b2bc-1af6fa638640",
            "value": "922f78e5b5a8f3366bdb7d51d21d4614",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221268",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63431dfc-93ee-48da-b924-8cb6247ef9c1",
            "value": "391453677b669af6010f29dcd5aba0077b2275d4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221269",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d02ba1a2-d054-42f0-a4a2-f318826b1038",
            "value": "b38dab1ee402f731313d697d5d79372ae97fcab5704077771b5b82e705e0cd6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220273",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "53f3807c-a806-4c25-a5c5-954db2c0c191",
            "value": "3072:xU/oXgTiRBNOnHIv1B0apxhrMYJ19LjdW3tNLrzv:ZgTWBNOnHwL02xhrB9oN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220273",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c9ab7a54-de70-4649-af04-2784c1b1b23d",
            "value": "122368"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220273",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4dd68b00-135d-443f-9153-cd57fa528203",
            "value": "115056655d15551az4c!z"
          },
          {
            "category": "Payload delivery",
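            "comment": "Filename may also belong to legitimate software; treat as a weak indicator and alert only together with the hashes in this object.",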
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220273",
            "to_ids": true,
            "type": "filename",
            "uuid": "ad0b4aa3-8f78-479f-89ce-79585ef1fd9e",
            "value": "nView64.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220273",
            "to_ids": false,
            "type": "text",
            "uuid": "e2d16379-8d32-46bf-b2d4-5871cf17408d",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:49/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223138",
        "uuid": "63c44dec-bba3-4146-a1ad-571103374030",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223138",
            "to_ids": true,
            "type": "md5",
            "uuid": "dd36d9c4-c4a4-47e0-95c6-1166c7cb5e76",
            "value": "0a1be08e8574fe48cab247ac94207261",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221271",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba7a1ae5-ecfd-471a-8f1a-1dbd8842e99e",
            "value": "60b49d30934553227a1559ce9a89187d62d8b7ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shadowpad loaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221271",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1558f3b4-6a95-4614-8ea7-5f2a07deaa35",
            "value": "b66660dfe1ce69f706aaa412fcd3ff18554d604df59c09adc2a8117417967ce9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220497",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b38ab619-0934-4648-b996-ba6cd3f6813a",
            "value": "3072:8Gd9ITGxcwROOeXxHS6RbFVtf2PnnjdHoEhH3G:3YTGewROOeBy6XVtuPJd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220497",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bced0d26-8bbb-43bf-969d-8e43d3ce0970",
            "value": "111104"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220497",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2ad0ba0d-c408-4ef1-8863-84bf37ed8e66",
            "value": "115056651d15151az49?z1"
          },
          {
            "category": "Payload delivery",
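            "comment": "Filename may also belong to legitimate software; treat as a weak indicator and alert only together with the hashes in this object.",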
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220497",
            "to_ids": true,
            "type": "filename",
            "uuid": "43d1f946-06f8-4f0d-af21-1eda2d3fbb1f",
            "value": "roboform-x64.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220497",
            "to_ids": false,
            "type": "text",
            "uuid": "b2347077-7b6a-4091-a2f6-514da4567d9c",
            "value": "Shadowpad loaders\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:13/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223160",
        "uuid": "9b2fe157-eed9-4f13-aeb6-2bd9b287e1c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223160",
            "to_ids": true,
            "type": "md5",
            "uuid": "85721eca-1c1e-461b-ae1f-dce3d21e2e67",
            "value": "1e74bc56d6efad394ec25ef0f091ca11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221274",
            "to_ids": true,
            "type": "sha1",
            "uuid": "47a66883-3656-4b5e-bdcd-37ec65680be8",
            "value": "45f7da000dceaeaf4ee97775eb299c04a7a92041",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221274",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46fac3b6-82d7-48af-92cd-5094bc8092f1",
            "value": "7b8ea6b1e2a29190cb28fc98ef837bf4a7a0b71b84177ce9395a5113a843c4d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220520",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1e89c46f-53e8-4549-a043-ec79ca788fb8",
            "value": "1536:3p+X+Zvb9b0UNfQjvJb7bbzw6gS7g0lHftJOcZs9yzzT4ZsWWd29dlfjvZamV8:sWvjNYV/c6g6g0Z2cZs9OP4IOFjvZa/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220520",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a33e16a9-873c-4ba7-999a-32870f9d4949",
            "value": "109056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220520",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ba845156-ab2f-4c6c-a666-2ac430cef9de",
            "value": "115066655d1515155az5-z"
          },
          {
            "category": "Payload delivery",
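            "comment": "Name is shared with a legitimate Windows system library; treat as a weak indicator and alert only together with the hashes in this object.",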
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220520",
            "to_ids": true,
            "type": "filename",
            "uuid": "42b595a1-66fd-4b5a-b342-5b3792cf308d",
            "value": "sensapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220520",
            "to_ids": false,
            "type": "text",
            "uuid": "555f2782-7c89-4e8e-b779-941b8bef5b54",
            "value": "Ransomware\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/DllHijack.DA!MTB\nVT Total Detection:45/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223181",
        "uuid": "cff85f5e-e015-4667-b48c-d40adec9aca7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223181",
            "to_ids": true,
            "type": "md5",
            "uuid": "2e1c465c-8220-41da-a357-478aa6389669",
            "value": "1b5133caef33764d8a425760c6b5f822",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221276",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3a74c170-3e71-4823-804d-83056318cf08",
            "value": "21eb9fc1c1ede3f9824726a2673c27e8dcad8cb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221277",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c56df8c8-58b9-4872-80db-555bb09487dc",
            "value": "de4bb30e400f081601d4091206ba6c04ac502f50e0dbac879db8c0202bff8108",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220544",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f354c94-5d2c-4e08-9bf0-a336877bc318",
            "value": "196608:rsM/56Bf6Mahq9u0Mtqvi8OwjQLmyT5+B7yAt4YD1x+YYcoYeplgx2SXjOJb:oMkf6tqQ0MM1OwjyTSntrJpnepy4S2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220544",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a7d69c48-b7e1-4325-86c3-122b6bb623c0",
            "value": "11500032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220544",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ec2051fc-95c5-4d72-ad3c-6b53e35c7a30",
            "value": "117096050d05060d17751bz1!z"
          },
          {
            "category": "Payload delivery",
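            "comment": "Name is shared with a legitimate Windows system library; treat as a weak indicator and alert only together with the hashes in this object.",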
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220544",
            "to_ids": true,
            "type": "filename",
            "uuid": "bf728157-0710-4139-bc5d-e6a8abeea3b9",
            "value": "sensapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220544",
            "to_ids": false,
            "type": "text",
            "uuid": "64275d27-a8ac-4df3-abd5-b84d24d24aa4",
            "value": "Ransomware\r\nType Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Kodex.A!dha\nVT Total Detection:45/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223202",
        "uuid": "dc6de111-90e1-431d-b0b6-6c905d681173",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223202",
            "to_ids": true,
            "type": "md5",
            "uuid": "23615c83-3131-46da-bdf1-73b9147083a5",
            "value": "32b50847b5095c612566db1d9643ad59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221279",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d535ea50-59f8-4e14-a756-ce09bd00f00d",
            "value": "9f139c1a7d63d25f1a8697e387cdbf476c7963b6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221279",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ad858379-a3f7-43eb-bf39-047e0ef6f05a",
            "value": "5dc36e687a7fa3cfbf845e8a53173f37ac38559b6b87f9dcf609a72b3f284035",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220567",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8515c9b8-2bdb-4585-b5a7-5897db86bf9a",
            "value": "1536:d3am59qYLfcRf78i7PmSQg2nS/ueMoj8zECAzDymsW8d39dlO/zxyWa:dqm10Z7ZPmpg2maoj8zIfyV3CxyR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220567",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ac818ed8-331e-4dd0-8fb0-e660f206f779",
            "value": "112128"
          },
          {
            "category": "Payload delivery",
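            "comment": "Name is shared with a legitimate Windows system library; treat as a weak indicator and alert only together with the hashes in this object.",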
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220567",
            "to_ids": true,
            "type": "vhash",
            "uuid": "15f74154-af29-49ef-a5f6-74c95c92857f",
            "value": "115066655d1555155az4b!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220567",
            "to_ids": true,
            "type": "filename",
            "uuid": "989a854b-3889-486f-ab8d-164f32f69569",
            "value": "sensapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220567",
            "to_ids": false,
            "type": "text",
            "uuid": "6cab7b3e-c1cf-402f-ac6c-3b1d354cfeb9",
            "value": "Ransomware\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/DLLHijack.EC!MTB\nVT Total Detection:32/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223224",
        "uuid": "d651129a-91be-4312-bf4e-2db3ada2bf37",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223224",
            "to_ids": true,
            "type": "md5",
            "uuid": "1f02c194-03a8-401c-a47b-5421a1c9fc7a",
            "value": "0f2a96670d71e48b6fbaed96d7c8a715",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221281",
            "to_ids": true,
            "type": "sha1",
            "uuid": "91b4d39a-5409-46c8-97f8-44497e524d61",
            "value": "367c56ecc38de298fd01a43413217159887d5a05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221282",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6964533e-075a-44d2-8f35-1f0a918cc6f3",
            "value": "37039a761114251f4556e4fe41c3ec01b7206a483c4698ffe5a0f1617a8bc26b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220591",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd38bb6f-44be-4312-82d8-b65d40e65425",
            "value": "1536:/p+1+Zvb9b0UNfQjvJb7bbzw6gS7g0lHftJOcZs9yzzT4ZsWWd29dlfjvZamV8:0YvjNYV/c6g6g0Z2cZs9OP4IOVjvZa/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220591",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e474fa7b-c83d-43ee-986a-1d6e5c0fb2d6",
            "value": "109056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220591",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b907000d-faf7-4b43-8291-8297a5ceb3f5",
            "value": "115066655d1515155az5-z"
          },
          {
            "category": "Payload delivery",
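            "comment": "Name is shared with a legitimate Windows system library; treat as a weak indicator and alert only together with the hashes in this object.",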
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220591",
            "to_ids": true,
            "type": "filename",
            "uuid": "737724f0-04d9-4ed1-b185-fb572b0be20d",
            "value": "sensapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220591",
            "to_ids": false,
            "type": "text",
            "uuid": "4ac33562-4747-431c-9c3a-673831d5d4cf",
            "value": "Ransomware\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/DllHijack.DA!MTB\nVT Total Detection:47/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223245",
        "uuid": "d4817cc3-e69f-45ba-8458-69adafc9e2f1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223245",
            "to_ids": true,
            "type": "md5",
            "uuid": "16983e36-7693-4bb7-aa66-0f7bfb3e41be",
            "value": "bc267a3b45d83a0feb4d7162e6ff8113",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221284",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4ff1c0e8-25bc-4f91-a7a9-58689f09f050",
            "value": "fca66a0b65b026febfa662932e560238b4f54d5f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Ransomware",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221285",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e8dc45f-bad6-480b-8ef9-90e44221d123",
            "value": "fcb8bf42d852526214578ab4b477b29f2412a7a931c6353db4fa6c221661edf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220614",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c3d1fbbf-6945-4075-89db-db764cf92e29",
            "value": "1536:oZjDikV9iDBB3P88xBAGhKHJuC0+vQijSCLSjhTLi0fVz/AsWNdmB9dlChaMw:Hkq39GZpq+vQijrGj1Li0dbiaYYz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220614",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "56e35311-10c5-4fc3-a8cc-0af0490912ab",
            "value": "139264"
          },
          {
            "category": "Payload delivery",
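            "comment": "File name is shared with a legitimate Windows system DLL (the Microsoft verdict in this object is DllHijack); detect on the hashes in this object or on an unexpected load path, not on the name alone",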
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220614",
            "to_ids": true,
            "type": "vhash",
            "uuid": "57ac5282-131e-40c4-91cb-9484328c87ae",
            "value": "115066655d1555155az4c!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220614",
            "to_ids": true,
            "type": "filename",
            "uuid": "f6953d32-f1a2-4628-846b-8fd75d94f918",
            "value": "sensapi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220614",
            "to_ids": false,
            "type": "text",
            "uuid": "ec8e6bee-7963-4fc1-9439-4d11d8bb3f5e",
            "value": "Ransomware\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win64/DllHijack\nVT Total Detection:41/77"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740223267",
        "uuid": "aaff3101-6ebe-4b1e-9553-e407e61a87b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Post-exploitation tool - CQHashDump tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740223267",
            "to_ids": true,
            "type": "md5",
            "uuid": "f5798ff6-5dab-46df-92b2-96de242bf1a5",
            "value": "52619acc313eef4c14b61116c91d8747",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Post-exploitation tool - CQHashDump tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740221287",
            "to_ids": true,
            "type": "sha1",
            "uuid": "99ecd40a-69d0-49a2-89ef-dae5774230e3",
            "value": "d9070f1a686405925734254f3b14e6c0c12c8453",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Post-exploitation tool - CQHashDump tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740221287",
            "to_ids": true,
            "type": "sha256",
            "uuid": "649e963f-b81d-4aeb-9379-153cc79c96d4",
            "value": "ceac8b67f19d596b2c2f34d682f88c717d11dd4c1144e2e7439b6bb78adb1736",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740220638",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e278c337-3dc7-4b95-8403-4ae0beaf9aec",
            "value": "1536:5qleFcZpubMPsRDEd0MuRbURfNRLQ1ya+86eS3gJ8MqWl0JPPRAxTr+h9yQLJYVt:5q4FcZmRDs+RbURrkID86er6MyAxTr+4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740220638",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f6e0bde0-1072-4dbf-a6f0-cca4fc5d8889",
            "value": "82432"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740220638",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ffb1600a-72b5-4ac8-b785-0275b09e4f06",
            "value": "084026551\"z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740220638",
            "to_ids": true,
            "type": "filename",
            "uuid": "7cce70c5-a3e0-4cb8-b25c-30543ae3074e",
            "value": "CQHashDump.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 22/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740220638",
            "to_ids": false,
            "type": "text",
            "uuid": "704ecf1a-fbfd-42aa-9fa7-c0835ba8c0ac",
            "value": "Post-exploitation tool - CQHashDump tool\r\nType Description: Win32 EXE\n\nMicrosoft: None\nVT Total Detection:2/77"
          }
        ]
      }
    ]
  }
}