{
  "Event": {
    "analysis": "2",
    "date": "2014-11-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Regin: nation-state ownage of GSM networks",
    "protected": false,
    "publish_timestamp": "1772901970",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901970",
    "uuid": "2face905-11c0-4d37-b106-950a1235e579",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Regin\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Bank\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Education\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Research - Innovation\"",
        "relationship_type": ""
      },
      {
        "colour": "#86e845",
        "local": false,
        "name": "misp-galaxy:target-information=\"Afghanistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0f0428",
        "local": false,
        "name": "misp-galaxy:target-information=\"Algeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#a7b0e0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belgium\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#fabbd6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Fiji\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#20a667",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#450e1c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kiribati\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Syria\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321237",
        "to_ids": false,
        "type": "link",
        "uuid": "c141bb8a-6f21-4fa8-b1a7-fd24d7b32bc4",
        "value": "https://securelist.com/regin-nation-state-ownage-of-gsm-networks/67741/"
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747505783",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6c09c694-a95b-4bf4-bfc7-fdf71ae435bd",
        "value": "61.67.114.73",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747505783",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3734a20b-377c-46f5-8d26-d35e94b3b27c",
        "value": "202.71.144.113",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747505783",
        "to_ids": true,
        "type": "domain",
        "uuid": "97baa88f-1eb4-4f4a-b10b-427248b2a37a",
        "value": "team-m.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747505783",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "17e59013-0cf9-4339-b983-df1c41c593d5",
        "value": "203.199.89.80",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747505783",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f9b65953-13ef-451e-8ffe-ae0485446a21",
        "value": "194.183.237.145",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321456",
        "to_ids": false,
        "type": "link",
        "uuid": "a510778d-053c-48fd-97b4-de266c151d0a",
        "value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08070305/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf"
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 1 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358718",
        "to_ids": true,
        "type": "md5",
        "uuid": "9ff0228c-132c-4f68-8841-31aa468ad2d8",
        "value": "bddf5afbea2d0eed77f2ad4e9a4f044d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 1 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358719",
        "to_ids": true,
        "type": "md5",
        "uuid": "85e3af46-03f0-4814-8022-8a25b30a0b5b",
        "value": "c053a0a3f1edcbbfc9b51bc640e808ce",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 1 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358720",
        "to_ids": true,
        "type": "md5",
        "uuid": "dac1733f-73b2-4dce-9ef6-961ecea1ceee",
        "value": "e63422e458afdfe111bd0b87c1e9772c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 2 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358722",
        "to_ids": true,
        "type": "md5",
        "uuid": "6546141e-bc87-48fe-ac7b-75bdb5a737fe",
        "value": "18d4898d82fcb290dfed2a9f70d66833",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 2 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358723",
        "to_ids": true,
        "type": "md5",
        "uuid": "85587036-6744-4bcd-9ede-c9175975fcd5",
        "value": "b9e4f9d32ce59e7c4daf6b237c330e25",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 2 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358724",
        "to_ids": true,
        "type": "md5",
        "uuid": "14b7e0fd-7d62-4a33-b28f-3f280d991876",
        "value": "d446b1ed24dad48311f287f3c65aeb80",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 3 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358725",
        "to_ids": true,
        "type": "md5",
        "uuid": "ce1306e5-a216-4151-96aa-1f24389041ed",
        "value": "da03648948475b2d0e3e2345d7a9bbbb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 4 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358726",
        "to_ids": true,
        "type": "md5",
        "uuid": "e3b80552-5e14-402c-ba92-866a6c4a7449",
        "value": "1e4076caa08e41a5befc52efd74819ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 4 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358728",
        "to_ids": true,
        "type": "md5",
        "uuid": "d59683c4-3df5-4d87-bd0e-acbd59d60dd2",
        "value": "68297fde98e9c0c29cecc0ebf38bde95",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 4 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358729",
        "to_ids": true,
        "type": "md5",
        "uuid": "6efb9b5c-3e78-499c-b205-24cc4192bc3b",
        "value": "6cf5dc32e1f6959e7354e85101ec219a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 4 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358730",
        "to_ids": true,
        "type": "md5",
        "uuid": "8d160e2c-3ea4-41d5-b4c8-38a7915ec980",
        "value": "885dcd517faf9fac655b8da66315462d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Stage 4 No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740358731",
        "to_ids": true,
        "type": "md5",
        "uuid": "e6c8ac13-4e85-468d-8f9d-a793e587f046",
        "value": "a1d727340158ec0af81a845abd3963c1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740321613",
        "uuid": "592dd3d1-0c88-4c50-b269-bf8a18e86367",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740321613",
            "to_ids": false,
            "type": "comment",
            "uuid": "31b23f0f-4a79-4bf5-8543-882c1ffa9612",
            "value": "Rules to detect Regin 32 bit stage 1 loaders and Regin RC5 decryption keys"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740321613",
            "to_ids": true,
            "type": "yara",
            "uuid": "a0d131f6-5d92-44b5-b540-be9e26fb9d61",
            "value": "rule apt_regin_2011_32bit_stage1 {\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Regin 32 bit stage 1 loaders\"\r\n version = \"1.0\"\r\n last_modified = \"2014-11-18\"\r\nstrings:\r\n$key1={331015EA261D38A7}\r\n$key2={9145A98BA37617DE}\r\n$key3={EF745F23AA67243D}\r\n$mz=\"MZ\"\r\ncondition:\r\n($mz at 0) and any of ($key*) and filesize < 300000\r\n}\r\nrule apt_regin_rc5key {\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Regin RC5 decryption keys\"\r\n version = \"1.0\"\r\n last_modified = \"2014-11-18\"\r\nstrings:\r\n$key1={73 23 1F 43 93 E1 9F 2F 99 0C 17 81 5C FF B4 01}\r\n$key2={10 19 53 2A 11 ED A3 74 3F C3 72 3F 9D 94 3D 78}\r\ncondition:\r\nany of ($key*)\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740321613",
            "to_ids": false,
            "type": "text",
            "uuid": "8d5ebc7d-ea0c-4ee6-87ca-619b2a5826d9",
            "value": "apt_regin_2011_32bit_stage1"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740321633",
        "uuid": "c29b592c-2bdc-460c-a230-0b106bde7a04",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740321633",
            "to_ids": false,
            "type": "comment",
            "uuid": "d7540d1c-ff94-4237-8d5f-2f9da0695e38",
            "value": "Rule to detect Regin 64 bit stage 1 loaders"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740321633",
            "to_ids": true,
            "type": "yara",
            "uuid": "53e659f4-4fbd-4ba3-b09a-0d661122c071",
            "value": "rule apt_regin_2013_64bit_stage1 {\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Regin 64 bit stage 1 loaders\"\r\n version = \"1.0\"\r\n last_modified = \"2014-11-18\"\r\n filename=\"wshnetc.dll\"\r\n md5=\"bddf5afbea2d0eed77f2ad4e9a4f044d\"\r\n filename=\"wsharp.dll\"\r\n md5=\"c053a0a3f1edcbbfc9b51bc640e808ce\"\r\nstrings:\r\n$mz=\"MZ\"\r\n$a1=\"PRIVHEAD\"\r\n$a2=\"\\\\\\\\.\\\\PhysicalDrive%d\"\r\n$a3=\"ZwDeviceIoControlFile\"\r\ncondition:\r\n($mz at 0) and (all of ($a*)) and filesize < 100000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740321633",
            "to_ids": false,
            "type": "text",
            "uuid": "4f60b8d2-f14d-4eba-b849-70e5b691cfb4",
            "value": "apt_regin_2013_64bit_stage1"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740321660",
        "uuid": "8392904b-0dfc-4954-ac19-4fa47d71ea94",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740321660",
            "to_ids": false,
            "type": "comment",
            "uuid": "67c66465-2147-4ea0-ac3f-63cfa5b1dc86",
            "value": "Rule to detect Regin disp.dll dispatcher"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740321660",
            "to_ids": true,
            "type": "yara",
            "uuid": "cb5819b4-c68d-448f-a231-3213df372c53",
            "value": "rule apt_regin_dispatcher_disp_dll {\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Regin disp.dll dispatcher\"\r\n version = \"1.0\"\r\n last_modified = \"2014-11-18\"\r\nstrings:\r\n$mz=\"MZ\"\r\n $string1=\"shit\"\r\n $string2=\"disp.dll\"\r\n $string3=\"255.255.255.255\"\r\n $string4=\"StackWalk64\"\r\n $string5=\"imagehlp.dll\"\r\ncondition:\r\n($mz at 0) and (all of ($string*))\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740321660",
            "to_ids": false,
            "type": "text",
            "uuid": "88c688e5-40bf-4cff-8e8d-4dd0d597a7af",
            "value": "apt_regin_dispatcher_disp_dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740321677",
        "uuid": "52b884cd-0733-4677-b607-3f67cdc33037",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740321677",
            "to_ids": false,
            "type": "comment",
            "uuid": "729c79c0-a045-4d2b-b171-7d6005f4563b",
            "value": "Rule to detect Regin VFSes"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740321677",
            "to_ids": true,
            "type": "yara",
            "uuid": "940f3787-1a6a-4ed3-bea5-45bb23cf7c47",
            "value": "rule apt_regin_vfs {\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Regin VFSes\"\r\n version = \"1.0\"\r\n last_modified = \"2014-11-18\"\r\nstrings:\r\n$a1={00 02 00 08 00 08 03 F6 D7 F3 52}\r\n$a2={00 10 F0 FF F0 FF 11 C7 7F E8 52}\r\n$a3={00 04 00 10 00 10 03 C2 D3 1C 93}\r\n$a4={00 04 00 10 C8 00 04 C8 93 06 D8}\r\ncondition:\r\n($a1 at 0) or ($a2 at 0) or ($a3 at 0) or ($a4 at 0)\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740321677",
            "to_ids": false,
            "type": "text",
            "uuid": "b07a59dd-a799-4f67-9420-4dd3b1b43259",
            "value": "apt_regin_vfs"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505299",
        "uuid": "2787b5dc-2f35-46ed-b12d-d5d7627d359c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505299",
            "to_ids": true,
            "type": "md5",
            "uuid": "4d034eaf-d650-4da5-b2dd-182c54b2c7bf",
            "value": "06665b96e293b23acc80451abb413e50",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358688",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5c5c6299-eba5-4b55-abed-390753721f50",
            "value": "9f0dc086875e6b06efe6bb3aadf049ce00f9e486",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358688",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c6331ca0-3df7-4356-848d-1449157d57dc",
            "value": "f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321782",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7f080062-2ae1-4ce0-8c18-f171c22b9dfd",
            "value": "192:za3N5H44rW3ias7dUFdELQcsafdPvlw/BZUGJdMr0KqOMwb:zkasBUFuVsafVvlw/BLMcOHb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321782",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "21882bf2-b3ce-4eb6-b1c8-987c00853c03",
            "value": "11680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321782",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1df834c1-75a6-4d39-a089-de2ca063af3e",
            "value": "0140466d7e5519z16z17xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321782",
            "to_ids": true,
            "type": "filename",
            "uuid": "1f8cf8bb-3b27-4cd7-a9d6-c5a493f76751",
            "value": "06665b96e293b23acc80451abb413e50.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321782",
            "to_ids": false,
            "type": "text",
            "uuid": "1226d0b8-d6c5-42a8-8ded-b16033a25bca",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:60/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505320",
        "uuid": "17fb9d3b-e9e7-4912-9e7b-6f457837461e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505320",
            "to_ids": true,
            "type": "md5",
            "uuid": "c89f73c3-a5a6-43b6-83c1-e56d9b94e7df",
            "value": "187044596bc1328efa0ed636d8aa4a5c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358690",
            "to_ids": true,
            "type": "sha1",
            "uuid": "62d4fe9a-22ea-4156-b1ce-9754d0904657",
            "value": "b6adfcba6797b5377154a811f70a335767a511b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358690",
            "to_ids": true,
            "type": "sha256",
            "uuid": "40d09ec8-746a-492b-91d6-3871ab8abd23",
            "value": "a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321803",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d1019d16-e662-4b39-9484-f1843bd4f1c9",
            "value": "192:fTd5mydi6b2nia87d0zELQcMafdPvlw+B2GpdF+NuMsFb5:n/a8B0EVMafVvlw+BPF+NurFb5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321803",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "96071849-7498-4889-a7ff-26d807bee34e",
            "value": "11616"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321803",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b65ea5c3-a4bf-42ec-9cf4-06997a72dcf9",
            "value": "0140466d7e5519z16z17xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321804",
            "to_ids": true,
            "type": "filename",
            "uuid": "4f913f41-72f8-4abb-927e-7b663c1afef3",
            "value": "file_17"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321804",
            "to_ids": false,
            "type": "text",
            "uuid": "d06117cb-2e34-43b5-90fc-9edfe02ab2f4",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:63/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505342",
        "uuid": "ff070ef0-995b-45eb-a987-49dd9017da08",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505342",
            "to_ids": true,
            "type": "md5",
            "uuid": "a6550dd5-9d5e-46fb-aafd-260aa7e8f0da",
            "value": "1c024e599ac055312a4ab75b3950040a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358691",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e5a389ab-7b6c-47ba-89f2-5ca569e1bcdc",
            "value": "f8645b71b2cb515278d3802924642124f5ba9b7d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358691",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e9216b3-e73f-485b-8c94-e085e154acb2",
            "value": "c0cf8e008fbfa0cb2c61d968057b4a077d62f64d7320769982d28107db370513",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321825",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c707549e-15bd-4658-a0d9-267995e9af73",
            "value": "192:prTrdRndloJxBdUwLlacZZ+uH39r2J9Huk00H2Z4caLaJ:1LDoJxBKwBac2uH3U9OkRHKWLC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321825",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ea26c2fe-5797-4b64-a2c7-7c568712dbdd",
            "value": "12800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321825",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3835ab8e-2bab-4d7c-b004-879d75d0bd58",
            "value": "114056651d6e1519z16z19xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321825",
            "to_ids": true,
            "type": "filename",
            "uuid": "e80c7af0-3694-4bf3-8600-6be4db8456ad",
            "value": "test (20)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321825",
            "to_ids": false,
            "type": "text",
            "uuid": "bde69304-6557-421b-b6cf-48c64b7333e6",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:63/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505363",
        "uuid": "7125e841-8b12-472a-9419-7d5d546d7f67",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505363",
            "to_ids": true,
            "type": "md5",
            "uuid": "3193a360-bbb0-4add-87f4-4b5e74749ad1",
            "value": "2c8b9d2885543d7ade3cae98225e263b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358693",
            "to_ids": true,
            "type": "sha1",
            "uuid": "abdbe454-1b15-4c63-a367-600c799b2f26",
            "value": "e0895336617e0b45b312383814ec6783556d7635",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358693",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aea0964c-eef8-4e98-8054-3ed818f3ad68",
            "value": "7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321846",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dd7aa722-0f7e-41bf-8d44-5772c0b5a936",
            "value": "384:FUufpTzrwDPkLAlTHUyCV7arVxaD6x2SWfxgZWLc:FUufp1AxUJiVxiYCc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321846",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3dcb9b1c-96f1-408e-a9b6-eba8d86ea1f0",
            "value": "16896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321846",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e882e8a2-89f7-42fb-af0c-5a71a115db81",
            "value": "114066651d6e151519z26z1cxz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321846",
            "to_ids": true,
            "type": "filename",
            "uuid": "700605be-0374-490f-8d01-00becc4d5243",
            "value": "usbclass"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  27/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321846",
            "to_ids": false,
            "type": "text",
            "uuid": "7cf42e91-5b19-42af-b336-57cff2220197",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:62/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505384",
        "uuid": "5cce0099-712b-4c1d-9c10-ce9dad6331fb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505384",
            "to_ids": true,
            "type": "md5",
            "uuid": "35fd3fbe-ad13-483e-be95-ca688216da84",
            "value": "4b6b86c7fec1c574706cecedf44abded",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358694",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63490aa1-0c47-4b1d-8a26-3cc4b17a2f3e",
            "value": "732298fa025ed48179a3a2555b45be96f7079712",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358694",
            "to_ids": true,
            "type": "sha256",
            "uuid": "adb032e0-ca4d-4845-9a52-36c3155362d4",
            "value": "40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321868",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c52db1c9-9516-489f-bc14-37455a9f1826",
            "value": "384:IBLiDpDzrw7Pkl+QWHNBCV9NoGASeDP/YWkxgZWB:2+Dpn+HN84Se3O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321868",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c8af869c-0107-42a2-934d-fcd53d6de1ad",
            "value": "16896"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321868",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e73cff8c-f0c5-48d1-8445-d97f5858fa4a",
            "value": "114066651d6e151519z26z1cxz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321868",
            "to_ids": true,
            "type": "filename",
            "uuid": "6370f227-079c-4fe1-9fe6-cc74ea4a1e2a",
            "value": "usbclass"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  09/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321868",
            "to_ids": false,
            "type": "text",
            "uuid": "c61a3730-5224-4e18-bfdb-c6ce0e4040d3",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Skeeyah\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505405",
        "uuid": "d2c05cbf-00bb-4e88-82df-d4a8060937a9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505405",
            "to_ids": true,
            "type": "md5",
            "uuid": "a767b231-8947-4bd6-8190-121fc1cd244c",
            "value": "6662c390b2bbbd291ec7987388fc75d7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358696",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2757003f-deee-4114-96f2-85317e3fc667",
            "value": "0a151553ef4c7d22ffb94a1fbc01f5b4f1900964",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358696",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3cb29eb-c050-4beb-b30e-739aed7d98f4",
            "value": "e1ba03a10a40aab909b2ba58dcdfd378b4d264f1f4a554b669797bbb8c8ac902",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321889",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d9f826e5-3cac-485a-817a-197ad796fd35",
            "value": "192:PzK6RmN7Iur+27CJj5Va7OQc/9HdPvlwH9CNexyFDM5rTG9CiMsw57trH:L+Vg1VayV/9HVvlwH0NeQDM1TOrq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321889",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0acac16f-8fd9-4b87-a702-68dd59df6ee9",
            "value": "12320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321889",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a01ded59-f137-4483-af6c-103592461dae",
            "value": "0140466d7e5519z16z19xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321889",
            "to_ids": true,
            "type": "filename",
            "uuid": "dbf18183-2821-4665-a698-466266461cd8",
            "value": "file_22"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  01/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321889",
            "to_ids": false,
            "type": "text",
            "uuid": "7881552e-273e-4006-88c5-3a0bf1531b45",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:65/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505426",
        "uuid": "3359b988-c6ac-40e9-bc0b-6d34bb444bbf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505426",
            "to_ids": true,
            "type": "md5",
            "uuid": "071ff1da-cb93-48f1-b234-2ae6b828a271",
            "value": "b269894f434657db2b15949641a67532",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358697",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bdeb72f6-5553-4c62-9066-50b8ecfe1404",
            "value": "3c8d90b7bdf097811a460a0835206d4bfd56c4a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358697",
            "to_ids": true,
            "type": "sha256",
            "uuid": "935c0e73-ccc3-4f1a-9164-eeac1b068daa",
            "value": "a7493fac96345a989b1a03772444075754a2ef11daa22a7600466adc1f69a669",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321912",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "434653ec-98c1-475d-b9a9-a338a136c41b",
            "value": "192:RVJEkJqfhNkjdYsw36kUPI3vmZowzfn9K8nec04XMZIt7jaJr:RoOj7wX3vmKwzfnbVxXMZ4jCr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321912",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1034a8e8-5b59-44c0-ad1e-b6d07db3886d",
            "value": "13824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321912",
            "to_ids": true,
            "type": "vhash",
            "uuid": "22824482-13fd-43f1-8598-873407a7b4c1",
            "value": "114056651d6e1519z16z19xz"
          },
          {
            "category": "Payload delivery",
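            "comment": "Generic name, presumably an upload/submission name (unverified); do not match on filename alone, use the hashes in this object.",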
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321912",
            "to_ids": true,
            "type": "filename",
            "uuid": "2f84c61a-4eb9-4153-9836-66145f392da9",
            "value": "test (17)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321912",
            "to_ids": false,
            "type": "text",
            "uuid": "e6d59c91-9437-4ebf-b147-5146e9503d33",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:64/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505447",
        "uuid": "0f34935b-6a75-4150-82d9-b5847c0b0d06",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505447",
            "to_ids": true,
            "type": "md5",
            "uuid": "d7e035de-5927-4f5c-a07d-5f7a35b85b60",
            "value": "b29ca4f22ae7b7b25f79c1d4a421139d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358699",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3342046e-c092-477e-8063-b9858b744ea9",
            "value": "b1b874f0d4457033babb4f28f55c8a6e0590e9df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358699",
            "to_ids": true,
            "type": "sha256",
            "uuid": "72feabff-4c36-4862-9337-180c9caf67e8",
            "value": "a0d82c3730bc41e267711480c8009883d1412b68977ab175421eabc34e4ef355",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321933",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c412453-ab0c-44f5-85c8-85b0a28e22a7",
            "value": "192:BxK6RmN7Iur+27CJj5Va76Qc/9HdPvlwHOGNluyBTo5rTG9CiMsw57t:X2Vg1VamV/9HVvlwHrNHTo1Turq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321933",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5e98ad65-7105-44d3-be85-cd62b80440e7",
            "value": "12320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321933",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d3b45beb-e92c-4e15-bc0d-b88dc8115e45",
            "value": "0140466d7e5519z16z19xz"
          },
          {
            "category": "Payload delivery",
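            "comment": "Generic name, presumably an upload/submission name (unverified); do not match on filename alone, use the hashes in this object.",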
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321933",
            "to_ids": true,
            "type": "filename",
            "uuid": "1544828e-0562-4118-bda7-33b802471bf0",
            "value": "test (14)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  10/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321933",
            "to_ids": false,
            "type": "text",
            "uuid": "d8ca6050-d212-4990-a398-b4b9094bfcaf",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:64/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505468",
        "uuid": "4f01654c-322d-4072-99f3-cd44235f83c5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505468",
            "to_ids": true,
            "type": "md5",
            "uuid": "538fa94d-bec6-49ec-b1b0-27dae17807e0",
            "value": "b505d65721bb2453d5039a389113b566",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358700",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4b99a261-7211-45a0-b5bd-f709c394f012",
            "value": "fea8a97304a74e965bbd1149c6c23171b61ff1da",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358701",
            "to_ids": true,
            "type": "sha256",
            "uuid": "28c8b4c6-281e-43aa-9d66-cce35a11188b",
            "value": "4e39bc95e35323ab586d740725a1c8cbcde01fe453f7c4cac7cced9a26e42cc9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321955",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "46acaf9a-498b-49cd-8852-9f9a7b7e5418",
            "value": "192:iVJEkJqfhNkjdYsw36kUPI3vmZowzfn9K8nec04XMZIt7jaJr:ioOj7wX3vmKwzfnbVxXMZ4jCr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321955",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "64599b4c-39e0-4b75-b3ad-79e136c82513",
            "value": "13824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321955",
            "to_ids": true,
            "type": "vhash",
            "uuid": "18b18857-85ca-4ef6-af32-a4028a2ddba3",
            "value": "114056651d6e1519z16z19xz"
          },
          {
            "category": "Payload delivery",
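            "comment": "Generic name, presumably an upload/submission name (unverified); do not match on filename alone, use the hashes in this object.",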
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321955",
            "to_ids": true,
            "type": "filename",
            "uuid": "00790600-52d1-44d3-ba36-653fe8d4f63e",
            "value": "test (8)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  01/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321955",
            "to_ids": false,
            "type": "text",
            "uuid": "5019320e-97d2-4b7c-a567-4ef0f1da37bf",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:64/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505489",
        "uuid": "f0bfd444-c959-4f61-81e1-97802fa4eb89",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505489",
            "to_ids": true,
            "type": "md5",
            "uuid": "578d218f-a3dc-4fca-a40d-ac63dd4de3c2",
            "value": "26297dc3cd0b688de3b846983c5385e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358702",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a195049-cbf5-4158-86a4-e707af3273dc",
            "value": "b5e28342e2d6d587be1f92770e9517f44a0f279e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358702",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eda96604-58ef-4b3e-aa95-4b50d54b8a08",
            "value": "b755ed82c908d92043d4ec3723611c6c5a7c162e78ac8065eb77993447368fce",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321976",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "54ff4945-fe1b-4bf8-9175-bb26631add18",
            "value": "384:8zTDp/zrw14v/o21QkHNUCLQGFoOkM29:8HDpI6tNLflkM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321976",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4320ac60-bc2b-4a6f-bd47-473513fdae1f",
            "value": "14336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321976",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a688f3cc-5f6e-4c2b-818b-03f4d009d2ad",
            "value": "114056651d6e1519z26z1cxz"
          },
          {
            "category": "Payload delivery",
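            "comment": "Name is identical to the legitimate Microsoft OneDrive updater binary; filename alone is not a reliable indicator and will match benign hosts, correlate with the hashes in this object.",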
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321976",
            "to_ids": true,
            "type": "filename",
            "uuid": "be8e9eb0-6d75-48c2-9195-61eede9b724a",
            "value": "OneDriveStandaloneUpdater.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321976",
            "to_ids": false,
            "type": "text",
            "uuid": "81f7fb4f-8413-4607-8037-28c85ebf59b0",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:61/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505510",
        "uuid": "079cd3ec-48fe-4d93-9066-85bdc03379b4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505510",
            "to_ids": true,
            "type": "md5",
            "uuid": "322f09b8-8885-4861-a9d0-7ad4ac1aacf4",
            "value": "ba7bb65634ce1e30c1e5415be3d1db1d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358703",
            "to_ids": true,
            "type": "sha1",
            "uuid": "17cdf117-b4c6-4567-aba8-1ba7af6dc1ab",
            "value": "bc79d07eb4ec7041dce91596a56cbe07b5e107e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358704",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7ca9a32e-2620-4762-9844-de6310fda60c",
            "value": "5001793790939009355ba841610412e0f8d60ef5461f2ea272ccf4fd4c83b823",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740321998",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f9597991-4166-4681-a72d-15d171fbabd3",
            "value": "192:prTrdRndloJxBdUwLlacZZ+uH39r2J9Huk00H2Z4caLaJ:1LDoJxBKwBac2uH3U9OkRHKWLC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740321998",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7107097d-9b89-4779-8137-4180ca9ada3a",
            "value": "12800"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740321998",
            "to_ids": true,
            "type": "vhash",
            "uuid": "19985a21-ffb8-4b46-a368-ca9f85a2348c",
            "value": "114056651d6e1519z16z19xz"
          },
          {
            "category": "Payload delivery",
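            "comment": "Generic name, presumably an upload/submission name (unverified); do not match on filename alone, use the hashes in this object.",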
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740321998",
            "to_ids": true,
            "type": "filename",
            "uuid": "4bc6c310-613d-4e19-9df9-e9cbe3823c06",
            "value": "test (9)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  20/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740321998",
            "to_ids": false,
            "type": "text",
            "uuid": "3a03f3f2-e760-43d4-920a-b74b009f496e",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:63/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505532",
        "uuid": "3d462a3b-8493-4dc0-bb4e-e169288cef4d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505532",
            "to_ids": true,
            "type": "md5",
            "uuid": "501b0c11-9bf2-4dc2-bd30-cde16b375d40",
            "value": "bfbe8c3ee78750c3a520480700e440f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358705",
            "to_ids": true,
            "type": "sha1",
            "uuid": "85a9344d-2158-46bd-9898-1c8832534dba",
            "value": "b9d34609371481c5bc0147f46ff393e9c60805a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358706",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fcbfb0b1-1d4f-454d-9dd5-31aec933d2dc",
            "value": "8d7be9ed64811ea7986d788a75cbc4ca166702c6ff68c33873270d7c6597f5db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322019",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f66f9737-d71b-42ad-8982-734a736e1023",
            "value": "384:I5zTDp/zrw14v/o21QkHNUCLQGFoOkM2//:SHDpI6tNLflkM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322019",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "67dde014-7955-4493-8b61-ebb347b61fe0",
            "value": "14336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322019",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7589b0fd-9336-4e7f-8321-b7117579d8f5",
            "value": "114056651d6e1519z26z1cxz"
          },
          {
            "category": "Payload delivery",
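            "comment": "Generic name, presumably an upload/submission name (unverified); do not match on filename alone, use the hashes in this object.",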
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322019",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a4236bb-44e9-4b5c-a670-ef352888007b",
            "value": "file_11"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  07/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322019",
            "to_ids": false,
            "type": "text",
            "uuid": "c22dc8aa-6691-4bf0-8722-a4ea381420ea",
            "value": "Stage 1 file\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:56/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505553",
        "uuid": "7bb9b52e-1f42-4fa5-ac0c-5d3149115f10",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505553",
            "to_ids": true,
            "type": "md5",
            "uuid": "461df5e3-47f5-4bef-9829-812500b7bfda",
            "value": "d240f06e98c8d3e647cbf4d442d79475",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358707",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4886111d-6e18-41c5-8beb-248e80e30799",
            "value": "40ff545ced31bc32b65be19ed2739355c054ee52",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358707",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b75a1735-a558-4a46-bd56-63c1ec8fe6c3",
            "value": "9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322041",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "52080f9d-630c-450d-ad26-9cff9e450ee1",
            "value": "192:uriOhwrbpGriad7dcgLQcMavdPvlwT1kpCdaqIi5o7DGNq3Ms7ybz7:NBdadBccVMavVvlwT1kpz5iu7DJr7yb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322041",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7b3de8b9-f28d-40f9-915e-0714c196ab47",
            "value": "11904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322041",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5a2284ae-642d-4ddb-8d1f-c7a5677c1531",
            "value": "0140466d7e5519z16z19xz"
          },
          {
            "category": "Payload delivery",
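            "comment": "Generic name with no path or extension, and its origin is not recorded in this object; likely to match unrelated files, so use it as context for this object's hashes rather than as a standalone detection indicator",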
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322041",
            "to_ids": true,
            "type": "filename",
            "uuid": "a0c48e5b-113d-47e1-8f5b-a59bcfa0b84b",
            "value": "test (13)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  10/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322041",
            "to_ids": false,
            "type": "text",
            "uuid": "464e36c0-cc05-404e-a451-43c7168d7d6f",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:63/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505574",
        "uuid": "3cdee2b6-7573-4362-87a9-df782047b73b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505574",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e77f8a4-5baf-459b-bb5d-1c78ccc93a13",
            "value": "ffb0b9b5b610191051a7bdf0806e1e47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358709",
            "to_ids": true,
            "type": "sha1",
            "uuid": "733c2991-2f40-44dd-a675-71016aeeb3bd",
            "value": "75a9af1e34dc0bb2f7fcde9d56b2503072ac35dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 1 file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358709",
            "to_ids": true,
            "type": "sha256",
            "uuid": "da55c9cd-8e3e-484a-92ec-54b64a0ddfa1",
            "value": "b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322063",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0617c2f9-1005-47d6-91d1-1d472a011cf6",
            "value": "192:jIhG67ccuvuj7CJj5VQOLX0G1Qc/9HdPvlw3+KHsuyB95oTGB3Mm7:lEg1VJLPV/9HVvlwO6s59yTWJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322063",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "97f3a8c9-6f7b-4203-b988-df69b88e1147",
            "value": "12608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322063",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a75224b-c822-4b86-935d-877f83c711de",
            "value": "0140466d7e5519z16z19xz"
          },
          {
            "category": "Payload delivery",
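            "comment": "Generic name with no path or extension, and its origin is not recorded in this object; likely to match unrelated files, so use it as context for this object's hashes rather than as a standalone detection indicator",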
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322063",
            "to_ids": true,
            "type": "filename",
            "uuid": "590ab26d-028f-419d-86ec-43ef6ece18a6",
            "value": "test (19)"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  29/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322063",
            "to_ids": false,
            "type": "text",
            "uuid": "a42716de-0e87-4c35-9d91-e69f9073055f",
            "value": "Stage 1 file\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.A!dha\nVT Total Detection:63/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505595",
        "uuid": "4ea83041-8e09-491b-a210-e0a2ff9e526a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505595",
            "to_ids": true,
            "type": "md5",
            "uuid": "46fa8240-d13a-4fde-ae8e-c37675a5e62a",
            "value": "01c2f321b6bfdb9473c079b0797567ba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358710",
            "to_ids": true,
            "type": "sha1",
            "uuid": "775738e7-0e40-4524-8c32-729a2642e167",
            "value": "5031f07749c2639e57a6628a4361fe363d77c34e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358710",
            "to_ids": true,
            "type": "sha256",
            "uuid": "346df201-50e5-4e9e-9917-d90c9a5cf593",
            "value": "392f32241cd3448c7a435935f2ff0d2cdc609dda81dd4946b1c977d25134e96e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322084",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c3970544-07c7-4c92-b3cd-146cef202b60",
            "value": "1536:NjEbfB0PBjXREdkH70o1gNu75QemY1a8LA:xKfB0hX170o1AGIYJLA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322084",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6cd4a3f3-9f16-40be-880b-bb37ef855544",
            "value": "72192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322084",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ebd4ba23-5e49-432d-ac08-75e7314f826b",
            "value": "174076651d666e651559zc6z56xz"
          },
          {
            "category": "Payload delivery",
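            "comment": "Bare name with no path or extension; may collide with unrelated files of the same name, so use it as context for this object's hashes rather than as a standalone detection indicator",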
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322084",
            "to_ids": true,
            "type": "filename",
            "uuid": "90fbf6d4-a209-4de4-82bc-f301df512bbf",
            "value": "Ser8UART"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  03/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322084",
            "to_ids": false,
            "type": "text",
            "uuid": "ece2f6de-5c35-4931-a11c-b6a381f9d787",
            "value": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.gen.A!dha\nVT Total Detection:56/75"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505616",
        "uuid": "7c0a2af8-378b-41b0-94e2-4f9ff112b8fa",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505616",
            "to_ids": true,
            "type": "md5",
            "uuid": "07c04e50-ae15-40a9-a503-5bc102a6e456",
            "value": "47d0e8f9d7a6429920329207a32ecc2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358712",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9cbcb3a1-c6bf-4311-8010-0383a6e09081",
            "value": "bdd2872798659ea9fc6f9e6c3300a5e949a54e41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358712",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8893bb5c-20bd-40b9-8fe1-a4d8867dc7f2",
            "value": "8389b0d3fb28a5f525742ca2bf80a81cf264c806f99ef684052439d6856bc7e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322106",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cbe2fe05-1be1-4492-95f4-5f2cbecb5d93",
            "value": "768:ep1U2hAVkcE5oNE85XCfnEfXJ4LwuLgY5CPbM0Y:ep1U8AfE5oNEdfEfXJ4LwsgY5CPb7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322106",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "22aca9e4-0969-46b7-bd07-40b6208c72dc",
            "value": "39424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322106",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c9899b7f-2fb0-4a6d-af17-065a6b540dd1",
            "value": "134066651d6e651519ze6z48xz"
          },
          {
            "category": "Payload delivery",
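            "comment": "Bare name with no path or extension; may collide with unrelated files of the same name, so use it as context for this object's hashes rather than as a standalone detection indicator",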
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322106",
            "to_ids": true,
            "type": "filename",
            "uuid": "9074949c-2889-47eb-a13f-526d0b2adf24",
            "value": "abiosdsk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322106",
            "to_ids": false,
            "type": "text",
            "uuid": "a6779399-1735-4b66-832e-b052e6adf879",
            "value": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.gen.A!dha\nVT Total Detection:56/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505637",
        "uuid": "46dae403-f4db-4fd9-aa2d-8329bb19682c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505637",
            "to_ids": true,
            "type": "md5",
            "uuid": "1587a3af-61dc-4bfb-b641-a9a0b0de7251",
            "value": "744c07e886497f7b68f6f7fe57b7ab54",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358713",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a225cb4-b820-4e09-8b2f-c3e7956e2427",
            "value": "5f39dc77ce189dbee5758fe4ca07739c5bd454f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358714",
            "to_ids": true,
            "type": "sha256",
            "uuid": "40718f05-0734-48e5-b054-dfe62e8926b9",
            "value": "9ddbe7e77cb5616025b92814d68adfc9c3e076dddbe29de6eb73701a172c3379",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322127",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "883acdeb-fa46-4e0e-b529-ea3d693bf1b3",
            "value": "384:lsCnDPzrwvPkUklcHLQCk7wkc/79K2/khc9dQoWSvjsjFcZlH+jtCYw+RS7ojBWr:lsCnD1QLXec/IZTRG4+Zlg3Y3o32v"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322127",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3eb91a63-c51e-42c8-abbd-ea637c7e5eb7",
            "value": "34304"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322127",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f6b36c55-1237-4219-a899-a0fcd2cc5ba8",
            "value": "134076651d666e651519zf6z4fxz"
          },
          {
            "category": "Payload delivery",
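            "comment": "Bare name with no path or extension; may collide with unrelated files of the same name, so use it as context for this object's hashes rather than as a standalone detection indicator",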
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322127",
            "to_ids": true,
            "type": "filename",
            "uuid": "5d2432f5-a1b9-4787-9aa0-c1d48ff82277",
            "value": "floppy"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322127",
            "to_ids": false,
            "type": "text",
            "uuid": "8a986422-e6ca-42db-9bd7-d3b056ba3ab9",
            "value": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.gen.A!dha\nVT Total Detection:58/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505658",
        "uuid": "bf001239-ee38-41ac-8c69-aecf80343e6d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505658",
            "to_ids": true,
            "type": "md5",
            "uuid": "0fb4b3c9-b1f6-4284-86c9-dca9c60a182e",
            "value": "db405ad775ac887a337b02ea8b07fddc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358715",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d31ff1d1-e9bf-41ec-b438-9151038bb791",
            "value": "16c126de5e55fda930e8b01a2714cb62849eba11",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358715",
            "to_ids": true,
            "type": "sha256",
            "uuid": "02158d17-8961-4059-8ebb-9c34878be890",
            "value": "225e9596de85ca7b1025d6e444f6a01aa6507feef213f4d2e20da9e7d5d8e430",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322149",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fdb2d182-0363-4a84-8843-f18a6ccbb28e",
            "value": "384:kt8x3k1AEsQKODozrwWPk5lHHfKCS8GdKR6eJ3CpP+MxocyqmOcBDWtxd+WOV5:MzWEs1ODflfxHR6M8PPocy+HuV5"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322149",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0adbecc0-7363-4fab-92dd-e6f41722daaa",
            "value": "27136"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322149",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f8c607a0-d0ab-487c-b22b-003d92eaacbd",
            "value": "124066651d6e551519z96z45xz"
          },
          {
            "category": "Payload delivery",
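            "comment": "Bare name with no path or extension; may collide with unrelated files of the same name, so use it as context for this object's hashes rather than as a standalone detection indicator",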
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322149",
            "to_ids": true,
            "type": "filename",
            "uuid": "08f481a3-f587-4cd8-a451-0d45675c6fd9",
            "value": "parclass"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  30/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322149",
            "to_ids": false,
            "type": "text",
            "uuid": "b93c39fc-6e4b-4fe1-9977-82f168446194",
            "value": "Unusual stage 1 files apparently compiled from various public source codes merged with malicious code\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:WinNT/Regin.B!dha\nVT Total Detection:59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747505680",
        "uuid": "86887ce8-7523-4840-bd44-946117f70825",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Stage 3",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747505680",
            "to_ids": true,
            "type": "md5",
            "uuid": "d3f07fc1-9611-494d-bf27-61c4d32fbb73",
            "value": "8486ec3112e322f9f468bdea3005d7b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 3",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358717",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea046f74-2865-417e-8549-e1cd1ecd8b0a",
            "value": "cd161a5cd074cfbfcad5f8b1abe321283c642982",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Stage 3",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358717",
            "to_ids": true,
            "type": "sha256",
            "uuid": "06ce0e1c-321d-42e6-b4c3-33515200b011",
            "value": "14479de5e9204389444cf2f5a1afb8670e47ec864b23685c16eeab9447671815",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740322296",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ca81aac7-ef7e-4cbe-be27-e77b809f6272",
            "value": "3072:IKhUY/iKmosj5udZkbs3XgqWbHhgs8ZjcBJSo8g0U6:IKhJ/iw6Hhgs+cBJSo70U6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740322296",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "169e2a61-ccb0-423c-a72a-72ff521c33bb",
            "value": "161502"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740322296",
            "to_ids": true,
            "type": "vhash",
            "uuid": "aab1ff9d-0489-4abc-8f68-93eb99c40a18",
            "value": "0150566d151e5569z86z61wz4"
          },
          {
            "category": "Payload delivery",
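            "comment": "Value is the VirusShare_<md5> repository name of this sample (same MD5 as this object's md5 attribute), apparently not a filename observed on a host; treat a filename-only match as low-confidence.",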
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740322296",
            "to_ids": true,
            "type": "filename",
            "uuid": "5f1e6b91-fc61-4a47-81d7-370f66cac577",
            "value": "VirusShare_8486ec3112e322f9f468bdea3005d7b5"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/12/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740322296",
            "to_ids": false,
            "type": "text",
            "uuid": "d1bf4887-2076-40f1-8911-7108deb83b9e",
            "value": "Stage 3\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Regin.gen.B!dha\nVT Total Detection:52/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.",
        "meta-category": "misc",
        "name": "user-account",
        "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
        "template_version": "6",
        "timestamp": "1746497887",
        "uuid": "5d95e620-6b5f-48ac-b487-199ea53fa34b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "password",
            "timestamp": "1746497887",
            "to_ids": false,
            "type": "text",
            "uuid": "99508928-3086-4484-8c25-f5ca671afd1d",
            "value": "Eric"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "username",
            "timestamp": "1746497887",
            "to_ids": false,
            "type": "text",
            "uuid": "9b1cc38a-f32d-4692-9c19-f276b687d822",
            "value": "nss1"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.",
        "meta-category": "misc",
        "name": "user-account",
        "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
        "template_version": "6",
        "timestamp": "1746497915",
        "uuid": "9c9a35c0-880e-4b28-9f11-df020139d9bc",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "password",
            "timestamp": "1746497915",
            "to_ids": false,
            "type": "text",
            "uuid": "d86cc358-7a09-42a3-b482-3ff9285dd60a",
            "value": "Adm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "username",
            "timestamp": "1746497915",
            "to_ids": false,
            "type": "text",
            "uuid": "c897c939-4d7a-486c-a43c-134ba1f85187",
            "value": "administrator"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.",
        "meta-category": "misc",
        "name": "user-account",
        "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
        "template_version": "6",
        "timestamp": "1746497939",
        "uuid": "29c8f53a-7ec9-4b05-8336-d4eb041665f6",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "password",
            "timestamp": "1746497939",
            "to_ids": false,
            "type": "text",
            "uuid": "b1b9b437-76bf-4c10-b441-cf1d84c7c172",
            "value": "New"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "username",
            "timestamp": "1746497939",
            "to_ids": false,
            "type": "text",
            "uuid": "af77a6d3-bc8e-41ef-8f08-9dbdb2c336e7",
            "value": "oss"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.",
        "meta-category": "misc",
        "name": "user-account",
        "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
        "template_version": "6",
        "timestamp": "1746497969",
        "uuid": "d75130be-a289-49bb-b77d-461c30ff1842",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "password",
            "timestamp": "1746497969",
            "to_ids": false,
            "type": "text",
            "uuid": "a1a65375-8f31-41f8-a0e4-ce8c18d37d10",
            "value": "Bag"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "username",
            "timestamp": "1746497969",
            "to_ids": false,
            "type": "text",
            "uuid": "06806907-68c0-4775-b671-484063f9a205",
            "value": "hed"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "User-account object, defining aspects of user identification, authentication, privileges and other relevant data points.",
        "meta-category": "misc",
        "name": "user-account",
        "template_uuid": "49606b06-22f0-4ac8-8eee-2f12ad46f3d3",
        "template_version": "6",
        "timestamp": "1746497992",
        "uuid": "f0470775-e075-405a-b2fe-f7c5bf78b295",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "password",
            "timestamp": "1746497992",
            "to_ids": false,
            "type": "text",
            "uuid": "069f89d0-ecaf-4864-8ed5-0b4791edcb0e",
            "value": "Alla"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "username",
            "timestamp": "1746497992",
            "to_ids": false,
            "type": "text",
            "uuid": "6b8357c3-1f8c-4630-bf55-09a6de32e68c",
            "value": "sed"
          }
        ]
      }
    ]
  }
}