{
  "Event": {
    "analysis": "1",
    "date": "2025-01-09",
    "extends_uuid": "",
    "info": "[Threat Intel] RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats",
    "protected": false,
    "publish_timestamp": "1780041096",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780041095",
    "uuid": "347c0089-b4d3-4cbc-862d-3666180df28b",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#bf83fd",
        "local": false,
        "name": "misp-galaxy:producer=\"Recorded Future\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#bb2745",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#eadc12",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#5539fe",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e72d65",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#7eb739",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Msiexec - T1218.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#82eae0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#91649a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#b76d96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#d9dfae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mongolia\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#b03f2c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#997689",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ethiopia\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"RedDelta\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500cd",
        "local": false,
        "name": "rectifyq:detection-rules=\"sigma-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-malware=\"PlugX - S0013\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Unidentified 115 (Nim Loader)\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732358",
        "to_ids": false,
        "type": "link",
        "uuid": "d8c9b948-a7c6-4a6b-b925-ff965de9824e",
        "value": "https://www.recordedfuture.com/research/reddelta-chinese-state-sponsored-group-targets-mongolia-taiwan-southeast-asia"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732359",
        "to_ids": false,
        "type": "text",
        "uuid": "d670f97a-860a-474e-a836-ed23d57ddf4a",
        "value": "Between July 2023 and December 2024, the Chinese state-sponsored group RedDelta targeted Mongolia, Taiwan, and Southeast Asian countries with an adapted infection chain to distribute its customized PlugX backdoor. The group used themed lure documents and evolved its tactics, transitioning from Windows Shortcut files to Microsoft Management Console Snap-In Control files, and finally to HTML files hosted on Microsoft Azure. RedDelta consistently used Cloudflare CDN to proxy command-and-control traffic, blending with legitimate traffic. The group's activities align with Chinese strategic priorities, focusing on governments and diplomatic organizations in the targeted regions."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732359",
        "to_ids": false,
        "type": "text",
        "uuid": "e4613acb-a6d2-4afe-a47e-0e943e79eead",
        "value": "Name: RedDelta: Chinese State-Sponsored Group Targets Mongolia, Taiwan, and Southeast Asia with Evolving Cyber Threats\nAuthor: AlienVault\nAdversary: RedDelta\nTags: [\"spearphishing\", \"plugx\", \"cloudflare cdn\", \"Shortcut (LNK) file\", \"HTML\", \"Microsoft Azure\"]\nTgtd countries: [\"Mongolia\", \"Taiwan\", \"Myanmar\", \"Cambodia\", \"Malaysia\", \"Japan\", \"Ethiopia\", \"India\"]\nMlwr families: [\"PlugX\"]\nAttack_ids: [\"T1132.001\", \"T1036.005\", \"T1204.002\", \"T1573.001\", \"T1566.002\", \"T1566.001\", \"T1574.001\", \"T1082\", \"T1218.007\", \"T1140\", \"T1583.001\", \"T1583.003\", \"T1102\", \"T1059.001\", \"T1547.001\", \"T1071.001\"]\nIndustries: [\"Government\", \"Defense\", \"NGO\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732359",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "f9c38d38-fa8b-4a5d-a24b-cfba935acc20",
        "value": "RedDelta"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732363",
        "to_ids": true,
        "type": "yara",
        "uuid": "2309e34e-5aff-4d77-bdf9-ca1f3b68c9c5",
        "value": "38dd9e5e5c14ba22541b07f15d3abe37f7218b97"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732363",
        "to_ids": true,
        "type": "yara",
        "uuid": "b412eda8-7f45-497f-83f9-bf65399d9164",
        "value": "85a88b864c8ab4018727546eb83b393d1e211042"
      },
      {
        "category": "Artifacts dropped",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736732363",
        "to_ids": true,
        "type": "yara",
        "uuid": "22f4563d-e52d-414d-a43d-d5d7c13a2530",
        "value": "fed4c8662f153d43327f8fd9f345b93b49527538"
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823656",
        "to_ids": true,
        "type": "sha256",
        "uuid": "24d87de2-65e6-4558-aaf8-91b54ad532ee",
        "value": "2232cd249be265d092ea923452f82aae28f965b48897fe6f05a7cd4495fcd96e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823657",
        "to_ids": true,
        "type": "sha256",
        "uuid": "cef99359-dc64-4cfa-89f8-1471340ca147",
        "value": "aaad74fbf1b3f499aa2be9f5a86f0d6427c2d807c27532090671295a2b5d67e0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823659",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e5172dc6-d0fc-4d28-9f2e-cbc1037379b9",
        "value": "6e37ad572f1e7d228c8c0c7cb1ef2d966d16d681669587cfb80e063106d77a6e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823660",
        "to_ids": true,
        "type": "sha256",
        "uuid": "518dc403-0998-4bc4-8aed-af7f76d8b4e6",
        "value": "6ac4b0fd81e317615e0935e83874ef997b7bff3aff2f391405a2e22161f4fd45",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823661",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9a6c9740-58bb-42ae-ad5b-e2e49b4b7079",
        "value": "dd2d8fb565b18065bde545da16f67f31036b4d45dec5b82caa74e30a617e85e8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823662",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ef11235f-2558-47df-8f48-8a3a23973c4b",
        "value": "945f7ca6ce890f6cd1813b0ed1912ef25ed4a5f11da0fe97c20fe443bd4489a1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823663",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5a55613b-b554-4af3-a3ef-98763fd73e7e",
        "value": "042045687882ec8dc2d61e26e86e56620c4a1e694b46f9ce814b060cb0cf4bb5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823665",
        "to_ids": true,
        "type": "sha256",
        "uuid": "36561d51-7772-474b-94ba-bd1886935813",
        "value": "5479927c78faed415853c3ba3798dfff93d4047a17c3c4d87f7dc1ce8289395c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823666",
        "to_ids": true,
        "type": "sha256",
        "uuid": "04d67274-1038-4c31-8e24-3b13da54f4f7",
        "value": "d8981d4cbca9b99828a9459e4abfbbe20a221bfc59fc0f2a6d6a751c363b26c4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823667",
        "to_ids": true,
        "type": "sha256",
        "uuid": "977f3505-c42c-4b99-ab34-5ef1955c9c90",
        "value": "c6bd2c31ebaa8d51964c49a22bc796aa506e594d6f1b1043b01d0baf58836172",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823668",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0e04bfaa-cc34-4bc2-be22-553d9965b4fc",
        "value": "df3e5c62fa7086eec23c04cb52a17d64aa0b4f252551c8a65c599291a7cee61f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Shortcut (LNK) file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823669",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0fff3a73-1a6e-4c28-97da-4814c3f80ac2",
        "value": "2c791775e66a77fe72aa826823f554bfe9a41525c6c1c14798cf56a42925db31",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823670",
        "to_ids": true,
        "type": "sha256",
        "uuid": "78b6d7b2-b33e-47a7-b928-f2018c940b63",
        "value": "a7735182b7f9f2c10af3f8d2d10634c344d984f6e53e7a3787e4d3d756a7a0a0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823672",
        "to_ids": true,
        "type": "sha256",
        "uuid": "96bf813c-658f-4d3d-a008-f6e310172cb6",
        "value": "53bafcf064d421341c582d93108e84df2f0e284c2b0a4dc2deb9099aa953bf5a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823673",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5b1abd65-9a91-4c72-ac47-dfbd658cee53",
        "value": "7a16ba2f0d2c4f7779b67e41f8196ddc6652ca7b61607696ed154df83c8d7b9c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823674",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a5985446-0cff-469b-bb3c-8f7f04919861",
        "value": "749d8980d80966480c85c112a10e1be3d391c1f4673977e880fa461edc2cbf18",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823675",
        "to_ids": true,
        "type": "sha256",
        "uuid": "31eba21b-203a-44fc-8777-1b13d6659f4f",
        "value": "2220a9297876d7ffb5ad8da4d35ed7b2c8746129f66056e81c4f74a6bb224fd7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VT.\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823676",
        "to_ids": true,
        "type": "sha256",
        "uuid": "66449cbb-9414-41e2-8c38-22fb836da2ec",
        "value": "3ced0837225b635f2ed63e4f72f95933d804e089a21eb8022407a74d772bb94f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823677",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e6093deb-023b-454e-97f8-bbefe5d8a642",
        "value": "f1f58fda25e2a6dde9cab4faf02f7246d2a8ab2c96b4b055deea4093eee9d0e6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823679",
        "to_ids": true,
        "type": "sha256",
        "uuid": "23058474-1782-48f5-b644-274a3203058a",
        "value": "77f813a461b4f1f1c765d951f0bf04668d96efea72cb8ecfb594ea2e36153cf8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823680",
        "to_ids": true,
        "type": "sha256",
        "uuid": "5f64bec0-9fd2-419d-96de-807a4162e7e5",
        "value": "dc155cb86f5240c2c39c851e006e39cb33ed9b52e0633cbcdcc2164a47a93e22",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823681",
        "to_ids": true,
        "type": "sha256",
        "uuid": "319d2f15-0753-402f-9f02-54ac5df0b524",
        "value": "5400fda058d7a13c27e9c95453634e4fee9a421023e0d4482f3eacc198caa928",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823682",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8c5ab236-7a75-4e3a-8926-341e5ba3c6f9",
        "value": "f1812ca5170af2401d501561d2a3036379752d22111b10f9ac570587364c82aa",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "DLL file. No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823683",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d14eb953-7153-49f7-b480-b70dfa2ffc76",
        "value": "e1c85c49982339770189f7947b5bfeb926bc3e4e1d1c63655cb0f8cfdc82a647",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823684",
        "to_ids": true,
        "type": "sha256",
        "uuid": "bf5fd29c-9356-454f-a4f8-bbd52ec5ca71",
        "value": "abd5a09ec75ff36df87ece894cab441ef7f021f5bdd8ba55d00b8ed8aac03ab4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823685",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1e4787f8-3fe2-4ce7-874e-97dff8fdc550",
        "value": "7b8dbfe66d16ad627d3864bd5d396b98a86c75aa4a3d87067a03221d73a560c1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823687",
        "to_ids": true,
        "type": "sha256",
        "uuid": "4e0121ad-1642-4545-bce0-bdef6056aa17",
        "value": "52ba1bd4d40202c24cb896a355f094dbe0dc6e211f5ddd5b59f0c39b99203172",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823688",
        "to_ids": true,
        "type": "sha256",
        "uuid": "70da1741-c49f-4c02-bf14-41133b2f3bd4",
        "value": "b02b2c0a9209f20dab4efbc458160f5a9efdb81b6474ec10bb727295a86d825a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823689",
        "to_ids": true,
        "type": "sha256",
        "uuid": "8abbabcc-9e28-4561-9027-71d081b24183",
        "value": "7f382a8b19613d078e4b78b677cb7592cab7c17577638e7ecad0a4952c6f4055",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823690",
        "to_ids": true,
        "type": "sha256",
        "uuid": "bc85525f-b6c0-4033-818d-8f4e480429a3",
        "value": "aafff72a8c4ad7be37b25e3686a28a11f1d29a0acc771cac1974e17c176c5ed1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823691",
        "to_ids": true,
        "type": "sha256",
        "uuid": "87a2bbcb-a51d-422d-9d3a-8a30525f1ad9",
        "value": "16dd782942b25aa2eb61bc7de36820444b9f55846c815e249a942b52c61be6b5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823693",
        "to_ids": true,
        "type": "sha256",
        "uuid": "20fd25a2-9010-47c4-9288-608c3a04d8e7",
        "value": "d674025113d350438a11439d56db111881de887fea41b2d168c6c2b8d8c22014",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823694",
        "to_ids": true,
        "type": "sha256",
        "uuid": "403fee3b-575b-4e8e-8b88-31c4b0977751",
        "value": "ca963057e69914d7e6c40aa7c43b393a1516f6dfdd2abfed12ddaa21fc2cfcce",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823695",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b407de04-9b41-45c9-8680-30239f3ed424",
        "value": "96085a217f0841bae3fe77ecf60785a5cf4051748e90c818cf6160f7fd00b12e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823696",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0d4b0cc4-4810-496d-bac7-31e44e54d7a6",
        "value": "bde73773529ec32161fb8a675b50678771bf317a83f3dd8d0c47f54bdc665722",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823697",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a6511570-fd5b-4169-8f81-ae70de6311c8",
        "value": "94ad60e87518ac2f655be1b0297e0109da3ef0ae733357206e3e87712c5dfba7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823698",
        "to_ids": true,
        "type": "sha256",
        "uuid": "77de01b5-6efa-472e-8be9-8fc0f2418aa6",
        "value": "4ac2a633904b0da3ac471776ecbaded91e1f3a5107630fafde76868cace46051",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823699",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b3e2c13b-ff0c-42e4-8ed1-18e4e765faec",
        "value": "75e849cc96c573fdfe0233b4d9a79c17fb4c40f15c0b6c0d847c461a30f1cbe8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Encrypted Payloads (DAT). No sample in VirusTotal (VT).\r\nLast check: 14/01/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736823701",
        "to_ids": true,
        "type": "sha256",
        "uuid": "10c9bcbe-f577-4bcb-8fa3-5602ac355a8e",
        "value": "5dae5254493df246c15e52fd246855a5d0a248f36925cecee141348112776275",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#e87d07",
            "local": false,
            "name": "verify-require=epp",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824168",
        "to_ids": true,
        "type": "domain",
        "uuid": "b648f1d0-e591-4132-bbdd-7b5192641487",
        "value": "abecopiers.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824190",
        "to_ids": true,
        "type": "domain",
        "uuid": "161fce38-51a2-4faa-a62e-8bd5f17f3b7a",
        "value": "alicevivianny.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824216",
        "to_ids": true,
        "type": "domain",
        "uuid": "9787a5fd-bfe8-4562-a991-6eca895c9336",
        "value": "aljazddra.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824237",
        "to_ids": true,
        "type": "domain",
        "uuid": "a9cb8a4b-fdb8-4957-b9ef-09de86f76445",
        "value": "alphadawgrecords.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824259",
        "to_ids": true,
        "type": "domain",
        "uuid": "29dc737d-a2c0-4947-b8c1-5b549143d3aa",
        "value": "alvinclayman.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824280",
        "to_ids": true,
        "type": "domain",
        "uuid": "cc53bd13-e9ae-49f0-878a-ea701d8a5f0e",
        "value": "antioxidantsnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824302",
        "to_ids": true,
        "type": "domain",
        "uuid": "592028f4-5120-47b7-a045-db57d536c126",
        "value": "armzrace.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824324",
        "to_ids": true,
        "type": "domain",
        "uuid": "a5aa1522-6ac2-4548-9534-d33f19dc4840",
        "value": "artbykathrynmorin.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824345",
        "to_ids": true,
        "type": "domain",
        "uuid": "917f9adc-6f24-40c6-89f1-0e9beb04234e",
        "value": "atasensors.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824366",
        "to_ids": true,
        "type": "domain",
        "uuid": "6c546725-b175-4020-871a-b77f81a01b88",
        "value": "bkller.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824388",
        "to_ids": true,
        "type": "domain",
        "uuid": "d3e8e5da-2de0-4d63-8e6c-a9453916ed6c",
        "value": "bonuscuk.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824409",
        "to_ids": true,
        "type": "domain",
        "uuid": "45deaac7-6dd7-470f-a801-16c8b8303b0f",
        "value": "bramjtop.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824430",
        "to_ids": true,
        "type": "domain",
        "uuid": "04896416-af27-4d41-9bf5-92e9262a559c",
        "value": "buyinginfo.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824451",
        "to_ids": true,
        "type": "domain",
        "uuid": "5f374354-3b67-4b8f-9ff7-ea626e9ec95b",
        "value": "calgarycarfinancing.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824473",
        "to_ids": true,
        "type": "domain",
        "uuid": "2f06a252-aaef-4c8e-ba5e-5cd3e6c921a3",
        "value": "comparetextbook.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824494",
        "to_ids": true,
        "type": "domain",
        "uuid": "2109b19f-e123-47eb-a710-913d2cf62390",
        "value": "conflictaslesson.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824515",
        "to_ids": true,
        "type": "domain",
        "uuid": "ce250a2f-c007-421e-9ab3-0918c54513f2",
        "value": "councilofwizards.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824536",
        "to_ids": true,
        "type": "domain",
        "uuid": "e664ff46-1320-4a7a-9aa8-dd18761fecc1",
        "value": "crappienews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824557",
        "to_ids": true,
        "type": "domain",
        "uuid": "54c18ab8-35f4-4ebe-97a7-ac5aaf2b150b",
        "value": "createcopilot.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824579",
        "to_ids": true,
        "type": "domain",
        "uuid": "3a4c6057-90bf-41f3-88e8-9bf2c078d902",
        "value": "cuanhuaanbinh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824600",
        "to_ids": true,
        "type": "domain",
        "uuid": "3091179c-bcc3-499b-8e9c-963f42bcc9ff",
        "value": "dmfarmnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824621",
        "to_ids": true,
        "type": "domain",
        "uuid": "fd3c5d08-a766-431e-9bf6-249745ebce86",
        "value": "electrictulsa.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824642",
        "to_ids": true,
        "type": "domain",
        "uuid": "395a85b2-4ede-4aec-9366-86288275428f",
        "value": "elevateecom.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824664",
        "to_ids": true,
        "type": "domain",
        "uuid": "0a787afb-fb67-4d5f-b385-3cf279c59be4",
        "value": "epsross.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824686",
        "to_ids": true,
        "type": "domain",
        "uuid": "c94aa47d-d97b-427d-b02e-ebbdb2a4f90a",
        "value": "erpdown.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824707",
        "to_ids": true,
        "type": "domain",
        "uuid": "00667ee1-b742-4284-a221-038c1d22c4a7",
        "value": "estmongolia.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824728",
        "to_ids": true,
        "type": "domain",
        "uuid": "f23cdc6d-ebf3-4909-bb3c-439671aa999a",
        "value": "financialextremed.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824750",
        "to_ids": true,
        "type": "domain",
        "uuid": "895f50ac-c127-4a49-85ed-d72be7414f29",
        "value": "finasterideanswers.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824771",
        "to_ids": true,
        "type": "domain",
        "uuid": "42f58f5c-f8d1-4b4d-8cef-c1d3899593f4",
        "value": "flaworkcomp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824792",
        "to_ids": true,
        "type": "domain",
        "uuid": "a61a88b1-1d29-46c9-8851-49ee33335b7b",
        "value": "flfprlkgpppg.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824813",
        "to_ids": true,
        "type": "domain",
        "uuid": "298a3e12-f9a1-4c3a-af85-a6b08fe29fe4",
        "value": "getfiledown.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824835",
        "to_ids": true,
        "type": "domain",
        "uuid": "a3aef667-b919-4ace-a796-cb6803de3b10",
        "value": "getupdates.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824856",
        "to_ids": true,
        "type": "domain",
        "uuid": "9d5c8602-d93f-4b9d-b82e-1e32f9311793",
        "value": "glassdoog.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824877",
        "to_ids": true,
        "type": "domain",
        "uuid": "55e80674-8370-42d8-ae80-5f21e26c361a",
        "value": "globaleyenews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824898",
        "to_ids": true,
        "type": "domain",
        "uuid": "399553d3-c343-4f2d-a0bc-e00d154223d6",
        "value": "goclamdep.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824919",
        "to_ids": true,
        "type": "domain",
        "uuid": "2cec5d9b-abb3-4b36-9421-70bbd0e0d84b",
        "value": "goodrapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824940",
        "to_ids": true,
        "type": "domain",
        "uuid": "37947a80-da44-4f07-b1ad-79621bb88c2e",
        "value": "gulfesolutions.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824961",
        "to_ids": true,
        "type": "domain",
        "uuid": "c902094d-11b2-4ee0-9c93-cc0578d59bd4",
        "value": "hajjnewsbd.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736824982",
        "to_ids": true,
        "type": "domain",
        "uuid": "c719914d-18b2-47f7-815f-18e3c08aedac",
        "value": "hisnhershealthynhappy.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825003",
        "to_ids": true,
        "type": "domain",
        "uuid": "e58f6da7-19af-4e6d-b76b-bf7cfd82925f",
        "value": "homeimageidea.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825024",
        "to_ids": true,
        "type": "domain",
        "uuid": "a46f217a-4a2b-4ee5-bbe2-66c6ca901881",
        "value": "howtotopics.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825045",
        "to_ids": true,
        "type": "domain",
        "uuid": "e77bee10-c0b1-4420-baf1-22493aab776c",
        "value": "importsmall.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825067",
        "to_ids": true,
        "type": "domain",
        "uuid": "34718ee5-5eeb-43bc-a597-bf30a3f949cb",
        "value": "indiinfo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825088",
        "to_ids": true,
        "type": "domain",
        "uuid": "cd064cea-9f92-4cff-8181-e8ab8df45044",
        "value": "infotechtelecom.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825109",
        "to_ids": true,
        "type": "domain",
        "uuid": "e18230e5-8bfd-46d6-9288-ccddfb4aafd7",
        "value": "inhller.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825130",
        "to_ids": true,
        "type": "domain",
        "uuid": "725e1cc2-f081-440e-b46b-4be7508c9382",
        "value": "instalaymantiene.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825151",
        "to_ids": true,
        "type": "domain",
        "uuid": "ed758bf4-7b27-43a0-b547-e8b493c4c609",
        "value": "iplanforamerica.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825173",
        "to_ids": true,
        "type": "domain",
        "uuid": "b3ac2b57-5e75-4060-b2d6-9b02acef47ed",
        "value": "irprofiles.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825194",
        "to_ids": true,
        "type": "domain",
        "uuid": "b0329073-fff6-4a1f-bc0e-b671e39b1891",
        "value": "itduniversity.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825215",
        "to_ids": true,
        "type": "domain",
        "uuid": "20c8bd1e-bbc4-4301-a331-c857a0d5fa11",
        "value": "ivibers.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825236",
        "to_ids": true,
        "type": "domain",
        "uuid": "23bf2770-9bc6-46d7-8b46-a3f1c437b109",
        "value": "jorzineonline.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825257",
        "to_ids": true,
        "type": "domain",
        "uuid": "72c39e22-fcb3-4296-bc38-16d95d1b98ba",
        "value": "kelownahomerenovations.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825278",
        "to_ids": true,
        "type": "domain",
        "uuid": "a8d8dae1-7d7a-488a-86de-e38bae0b8fa0",
        "value": "kentscaffolders.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825300",
        "to_ids": true,
        "type": "domain",
        "uuid": "50b09b0c-8c67-41ed-aedb-ec2cc7eea1f5",
        "value": "kerrvillehomeschoolers.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825321",
        "to_ids": true,
        "type": "domain",
        "uuid": "8c9c9593-1b51-43d7-b275-f9ee37847f41",
        "value": "kxmmcdmnb.online",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825342",
        "to_ids": true,
        "type": "domain",
        "uuid": "8ae3d60c-0a96-47d7-aad6-a4d1a7fc1074",
        "value": "lebohdc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825363",
        "to_ids": true,
        "type": "domain",
        "uuid": "a4a9b98d-284e-42b4-87d1-10ba617afb08",
        "value": "linkonmarketing.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825385",
        "to_ids": true,
        "type": "domain",
        "uuid": "d1a4c0d7-4893-48ca-9b4c-7ddac82d7230",
        "value": "loginge.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825406",
        "to_ids": true,
        "type": "domain",
        "uuid": "7fa299c1-7ea4-4725-897e-b9e985dfeffc",
        "value": "lokjopppkuimlpo.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825427",
        "to_ids": true,
        "type": "domain",
        "uuid": "966a291c-e9bf-433a-a741-8170958a5d96",
        "value": "londonisthereason.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825448",
        "to_ids": true,
        "type": "domain",
        "uuid": "9c550503-612c-400c-b244-f22c790f72a7",
        "value": "looksnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825469",
        "to_ids": true,
        "type": "domain",
        "uuid": "a3ce78e1-8403-46de-a29a-bda077a459ab",
        "value": "maineasce.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825490",
        "to_ids": true,
        "type": "domain",
        "uuid": "fdeda659-955c-4ba7-8536-43155fdc7a45",
        "value": "meetviberapi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825512",
        "to_ids": true,
        "type": "domain",
        "uuid": "44d28a42-6f99-4f00-8fb9-b18bf59ad1fe",
        "value": "mexicoglobaluniversity.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825533",
        "to_ids": true,
        "type": "domain",
        "uuid": "e030397d-c74d-46c7-9045-03764cc3eced",
        "value": "mobilefiledownload.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825554",
        "to_ids": true,
        "type": "domain",
        "uuid": "a279d9b8-e060-4845-b41f-82e797593a6c",
        "value": "mojhaloton.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825575",
        "to_ids": true,
        "type": "domain",
        "uuid": "e1f1889d-b390-4aef-b570-1c476149aa26",
        "value": "mongolianshipregistrar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825596",
        "to_ids": true,
        "type": "domain",
        "uuid": "aa8c672e-47f4-43dd-b57a-83be9160057f",
        "value": "mrytlebeachinfo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825617",
        "to_ids": true,
        "type": "domain",
        "uuid": "7ac197ba-6808-4157-a291-4b24995e5924",
        "value": "myynzl.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825639",
        "to_ids": true,
        "type": "domain",
        "uuid": "bc8389cb-0e10-426a-a1b3-fb4721897b25",
        "value": "newslandtoday.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825660",
        "to_ids": true,
        "type": "domain",
        "uuid": "d89594f9-76ed-468a-b7b7-327252c0c1c3",
        "value": "normalverkehr.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825682",
        "to_ids": true,
        "type": "domain",
        "uuid": "4082b350-f1c8-4396-b58c-3d60b3fffcdc",
        "value": "nymsportsmen.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825703",
        "to_ids": true,
        "type": "domain",
        "uuid": "737403a0-3d29-48a4-9145-bc65db89cbc7",
        "value": "oncalltechnical.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825724",
        "to_ids": true,
        "type": "domain",
        "uuid": "10381096-332a-4de5-ad7f-4a2265c5977a",
        "value": "onmnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825745",
        "to_ids": true,
        "type": "domain",
        "uuid": "e10fd0b5-bfeb-437a-8602-858fde93b112",
        "value": "pgfabrics.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825767",
        "to_ids": true,
        "type": "domain",
        "uuid": "55777e46-4a0d-4a77-9590-14aee72a88e1",
        "value": "pinaylizzie.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825788",
        "to_ids": true,
        "type": "domain",
        "uuid": "9b5a7e15-9ef1-45b8-b2ea-eef9a8415e2b",
        "value": "profilepimpz.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825809",
        "to_ids": true,
        "type": "domain",
        "uuid": "6d1e163f-5953-4db5-ab08-73126fbf2c4b",
        "value": "quickoffice360.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825830",
        "to_ids": true,
        "type": "domain",
        "uuid": "820e77eb-06ca-41a2-8b80-d7d0e2a6c21f",
        "value": "redactnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825851",
        "to_ids": true,
        "type": "domain",
        "uuid": "c67800b4-cc5b-48f6-9310-46d0af44d43a",
        "value": "reformporta.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825872",
        "to_ids": true,
        "type": "domain",
        "uuid": "8428d003-643c-4a60-99b6-a491a358986c",
        "value": "richwoodgrill.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825893",
        "to_ids": true,
        "type": "domain",
        "uuid": "5dabea7c-472c-441c-97b4-a5df7aa11fd7",
        "value": "riversidebreakingnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825914",
        "to_ids": true,
        "type": "domain",
        "uuid": "a7682ed7-6789-47b6-904f-073a15e359a2",
        "value": "rpcgenetics.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825936",
        "to_ids": true,
        "type": "domain",
        "uuid": "3c09c14b-f020-42cb-bfd5-80603e576ce5",
        "value": "sangkayrealnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825957",
        "to_ids": true,
        "type": "domain",
        "uuid": "c06719b5-181d-4003-bb09-a70ad9f121a6",
        "value": "shreyaninfotech.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736825978",
        "to_ids": true,
        "type": "domain",
        "uuid": "8a812af3-8c9c-49f9-baaf-22beed4e6fbf",
        "value": "smldatacenter.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826000",
        "to_ids": true,
        "type": "domain",
        "uuid": "e06b78ae-32e6-4bdb-801d-74f4a35cfa8c",
        "value": "spencerinfo.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826021",
        "to_ids": true,
        "type": "domain",
        "uuid": "2ef39178-542d-442f-b37d-ed385309fc39",
        "value": "starlightstar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826042",
        "to_ids": true,
        "type": "domain",
        "uuid": "b429311a-7dba-48a5-85ea-f7008c2e3eb8",
        "value": "tasensors.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826064",
        "to_ids": true,
        "type": "domain",
        "uuid": "d934ca42-1cec-41d7-ac64-dcae311081d3",
        "value": "techoilproducts.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826085",
        "to_ids": true,
        "type": "domain",
        "uuid": "9f555f5c-4586-46cd-a96f-ed63f451166c",
        "value": "thelocaltribe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826106",
        "to_ids": true,
        "type": "domain",
        "uuid": "32a0d1d4-214e-4aea-a450-4c71d7fc36e9",
        "value": "tigermm.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826128",
        "to_ids": true,
        "type": "domain",
        "uuid": "88937ac9-386b-4eff-9471-ae302a21deac",
        "value": "tigernewsmedia.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826149",
        "to_ids": true,
        "type": "domain",
        "uuid": "218e300b-b575-4c69-97dd-43d323207ed5",
        "value": "tophooks.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826170",
        "to_ids": true,
        "type": "domain",
        "uuid": "ccb3be5d-0dad-48f1-8bf5-06643398e8fb",
        "value": "truckingaccidentattorneyblog.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826191",
        "to_ids": true,
        "type": "domain",
        "uuid": "54348e09-1a07-4e01-a1be-d98c05b22690",
        "value": "truff-evadee.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826212",
        "to_ids": true,
        "type": "domain",
        "uuid": "fd37f4e9-6f85-47e0-b7cf-9cfed276524a",
        "value": "tychonews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826233",
        "to_ids": true,
        "type": "domain",
        "uuid": "3236b1ea-68db-4097-b912-4c21aecb1f7d",
        "value": "unixhonpo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826255",
        "to_ids": true,
        "type": "domain",
        "uuid": "3672494e-b896-440c-ab0d-f61f65742c5a",
        "value": "usedownload.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826276",
        "to_ids": true,
        "type": "domain",
        "uuid": "ab1e533b-1b13-440f-8a0e-98734a499fa7",
        "value": "vanessalove.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826297",
        "to_ids": true,
        "type": "domain",
        "uuid": "e11cc799-0eba-44d3-a0fa-000f82a8706e",
        "value": "versaillesinfo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826318",
        "to_ids": true,
        "type": "domain",
        "uuid": "d398d63f-02f3-4ad1-9179-42a061620b07",
        "value": "vopaklatinamerica.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826340",
        "to_ids": true,
        "type": "domain",
        "uuid": "ecbe9cdb-fba5-42e4-b8b5-caff9eb8810e",
        "value": "windowsfiledownload.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826361",
        "to_ids": true,
        "type": "domain",
        "uuid": "5a85f27c-8559-43e0-8f5b-8b66f16d1711",
        "value": "xxmodkiufnsw.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826382",
        "to_ids": true,
        "type": "domain",
        "uuid": "0bb5566d-49cd-4eb1-8034-51ccf078916f",
        "value": "365officemail.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826403",
        "to_ids": true,
        "type": "domain",
        "uuid": "bcb18e3f-9cc3-43a3-a35a-f541400d8935",
        "value": "7gzi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826425",
        "to_ids": true,
        "type": "url",
        "uuid": "414ab5f7-14d8-4c62-8775-cd5c7b21b2b4",
        "value": "https://getfiledown.com/utdkt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826446",
        "to_ids": true,
        "type": "url",
        "uuid": "b3811013-2a40-4f9a-8581-81e5d5e7260c",
        "value": "https://versaillesinfo.com/brjwcabz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826467",
        "to_ids": true,
        "type": "url",
        "uuid": "39efe01d-ab54-4d97-97d4-2f1487ee3780",
        "value": "https://lifeyomi.com/trkziu",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826488",
        "to_ids": true,
        "type": "url",
        "uuid": "1e2a83bf-d51e-49e5-bc5d-c20f92244f5e",
        "value": "https://lebohdc.com/uleuodmm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1737156455",
        "to_ids": true,
        "type": "url",
        "uuid": "edc5bdc5-8102-4128-bacb-e14133e284a0",
        "value": "https://cdn7s65.z13.web.core.windows.net/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1737156484",
        "to_ids": true,
        "type": "url",
        "uuid": "9fbf23d9-af63-4aca-b075-83393e1a0038",
        "value": "https://edupro4.z13.web.core.windows.net/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826551",
        "to_ids": true,
        "type": "url",
        "uuid": "1a8976d2-cf7c-434c-a22e-2cbd5979e134",
        "value": "https://elevateecom.com/deqcehfg",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826572",
        "to_ids": true,
        "type": "url",
        "uuid": "52bca196-8167-44df-b891-cada6e4818b1",
        "value": "https://vabercoach.com/uenic",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Additional Staging Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736826593",
        "to_ids": true,
        "type": "url",
        "uuid": "03640bba-4f3a-485e-ac2a-daff67d679e1",
        "value": "https://artbykathrynmorin.com/lczjnmum",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041017",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4cae020b-8efd-449d-9ac5-4c046297322a",
        "value": "115.61.168.143",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041019",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1fda34fb-b728-45e1-9586-9ae72ba7f0d7",
        "value": "115.61.168.170",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041021",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9615e0a9-b1b8-4786-9391-f343e9c874ae",
        "value": "115.61.168.229",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041022",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b4c56f99-1ce0-4daf-8032-25f7cd5adc57",
        "value": "115.61.169.139",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041024",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bd067748-415e-40ce-84c3-65f526b09bb9",
        "value": "115.61.170.105",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041025",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d6789272-d349-4a3e-bc46-f495e0aad1ff",
        "value": "115.61.170.70",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041027",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c5a55655-8d0a-44ea-9ab3-cdb157a0d38c",
        "value": "182.114.108.91",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041028",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1343ccbb-cde0-40e6-b635-a3d92ca569a2",
        "value": "182.114.108.93",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041030",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "589c0903-0895-41dc-a2e7-a1550168144f",
        "value": "182.114.110.11",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta Administration Server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041033",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6452d105-122c-4a35-a7f0-9d2c4da8feae",
        "value": "182.114.110.170",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fcc130",
            "local": false,
            "name": "asn:asn=\"4837\"",
            "relationship_type": ""
          },
          {
            "colour": "#a33581",
            "local": false,
            "name": "asn:as-owner=\"CHINA169-BACKBONE CHINA UNICOM China169 Backbone\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041034",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e5b737d2-20fe-4cec-a0fe-86ae79474d13",
        "value": "103.79.120.92",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041036",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4b1eef1d-9921-411f-9040-47d39f3d97c1",
        "value": "45.83.236.105",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041037",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "96329a8e-9050-4e8c-bf12-a34a6c5e9643",
        "value": "116.206.178.67",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041039",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0260a67c-3a7e-41c0-bb96-31a4ed1e5de3",
        "value": "45.133.239.183",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041041",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "13df783c-15a5-4d4d-a3b1-134187be0a3c",
        "value": "116.206.178.68",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041042",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "71c7e559-baf9-4bc1-a9e9-335e31671a47",
        "value": "103.238.225.248",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#89180a",
            "local": false,
            "name": "asn:asn=\"55933\"",
            "relationship_type": ""
          },
          {
            "colour": "#8d5bf4",
            "local": false,
            "name": "asn:as-owner=\"CLOUDIE-AS-AP Cloudie Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041044",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5a04b5d9-ed1c-4feb-9390-278f1c7ad9bf",
        "value": "45.133.239.21",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041045",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b3610507-c938-4e3e-b646-523c2a134c95",
        "value": "103.238.227.183",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#89180a",
            "local": false,
            "name": "asn:asn=\"55933\"",
            "relationship_type": ""
          },
          {
            "colour": "#8d5bf4",
            "local": false,
            "name": "asn:as-owner=\"CLOUDIE-AS-AP Cloudie Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041047",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1da5e11e-0032-4940-b280-9e5462710e8d",
        "value": "103.107.104.37",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041048",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "de111e1b-a91c-4bb2-81dc-b756bedb6977",
        "value": "107.148.32.206",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#68deaf",
            "local": false,
            "name": "asn:asn=\"394432\"",
            "relationship_type": ""
          },
          {
            "colour": "#be0a1b",
            "local": false,
            "name": "asn:as-owner=\"PEG-SG\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041050",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6023beb6-eb0e-496e-9efe-04801a049f51",
        "value": "167.179.100.144",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041052",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e7262774-b8c4-4a65-9e42-39b8c92c37b3",
        "value": "116.206.178.34",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041053",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5178080e-3856-4aa4-9cad-12806c9f895d",
        "value": "149.104.2.160",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#d97e45",
            "local": false,
            "name": "asn:asn=\"932\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041055",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "108a99a9-d39f-4e30-8108-437042e30a45",
        "value": "207.246.106.38",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041056",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1dfa8ec4-230e-4723-93ec-21b40b1b2447",
        "value": "45.76.132.25",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041060",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "719ec5c6-0433-4bed-b62d-04a474c585ac",
        "value": "155.138.203.78",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041064",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5daf2597-957c-44e3-8a60-16f5e3557b09",
        "value": "144.76.60.136",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#d17f93",
            "local": false,
            "name": "asn:asn=\"24940\"",
            "relationship_type": ""
          },
          {
            "colour": "#18e065",
            "local": false,
            "name": "asn:as-owner=\"HETZNER-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#141680",
            "local": false,
            "name": "asn:as-country=\"DE\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"germany\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041066",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5ab6f199-c617-48cd-9402-0e2948f1fccc",
        "value": "38.180.75.197",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#64bed2",
            "local": false,
            "name": "asn:asn=\"9009\"",
            "relationship_type": ""
          },
          {
            "colour": "#41c276",
            "local": false,
            "name": "asn:as-owner=\"M247\"",
            "relationship_type": ""
          },
          {
            "colour": "#26f3a1",
            "local": false,
            "name": "asn:as-country=\"RO\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"romania\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041067",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5c3ce5ac-c601-49b2-acc4-c3635cfa122f",
        "value": "107.155.56.15",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c3a785",
            "local": false,
            "name": "asn:asn=\"135377\"",
            "relationship_type": ""
          },
          {
            "colour": "#273bfe",
            "local": false,
            "name": "asn:as-owner=\"UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041069",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "500fa0cf-56a9-4b2b-8be1-05d98e9ac9b4",
        "value": "107.155.56.87",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c3a785",
            "local": false,
            "name": "asn:asn=\"135377\"",
            "relationship_type": ""
          },
          {
            "colour": "#273bfe",
            "local": false,
            "name": "asn:as-owner=\"UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041070",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f1fda123-9ff7-40e4-b2e5-ffb4aa6f5f6e",
        "value": "202.91.36.213",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041072",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6b2446c3-3b38-42d6-9960-965baa28a209",
        "value": "107.155.56.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c3a785",
            "local": false,
            "name": "asn:asn=\"135377\"",
            "relationship_type": ""
          },
          {
            "colour": "#273bfe",
            "local": false,
            "name": "asn:as-owner=\"UCLOUD-HK-AS-AP UCLOUD INFORMATION TECHNOLOGY HK LIMITED\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041073",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "87840288-fab3-4b4f-bc18-85f20dad19b4",
        "value": "149.104.12.64",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041077",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "33aaf604-04b3-41ed-bed5-7f43e6383ae9",
        "value": "154.205.136.105",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e7643a",
            "local": false,
            "name": "asn:asn=\"138915\"",
            "relationship_type": ""
          },
          {
            "colour": "#1ec497",
            "local": false,
            "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041079",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6a031e45-af10-4d56-8cbd-3ed82de45564",
        "value": "223.26.52.208",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#dd0399",
            "local": false,
            "name": "asn:asn=\"152194\"",
            "relationship_type": ""
          },
          {
            "colour": "#8c0628",
            "local": false,
            "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041080",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "aaf69f01-7771-432e-9728-95fd785dcf1e",
        "value": "45.128.153.73",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#15dbfe",
            "local": false,
            "name": "asn:asn=\"212238\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f1556",
            "local": false,
            "name": "asn:as-owner=\"CDNEXT\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041082",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d9accc9e-5521-4d67-af03-a26cd4387be1",
        "value": "96.43.101.245",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c4bd10",
            "local": false,
            "name": "asn:asn=\"13335\"",
            "relationship_type": ""
          },
          {
            "colour": "#60003e",
            "local": false,
            "name": "asn:as-owner=\"CLOUDFLARENET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041083",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f3654575-e48b-4a3c-b199-05b28db461a9",
        "value": "45.135.119.132",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#18193e",
            "local": false,
            "name": "asn:asn=\"6134\"",
            "relationship_type": ""
          },
          {
            "colour": "#3647b3",
            "local": false,
            "name": "asn:as-owner=\"XNNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041088",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f6b214ba-279b-4ede-9646-6e677833fc89",
        "value": "161.97.107.93",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a9711e",
            "local": false,
            "name": "asn:asn=\"51167\"",
            "relationship_type": ""
          },
          {
            "colour": "#f5370c",
            "local": false,
            "name": "asn:as-owner=\"CONTABO\"",
            "relationship_type": ""
          },
          {
            "colour": "#141680",
            "local": false,
            "name": "asn:as-country=\"DE\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"germany\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041089",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "89d7b136-8169-4138-ab32-e4a6685131ff",
        "value": "103.107.105.81",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041091",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "6b98905d-08d6-46a9-b12f-aee7a3e7236f",
        "value": "103.107.104.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041092",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1eff0074-2e9f-4369-b95a-3e18de2b3d9d",
        "value": "103.107.104.57",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b03a08",
            "local": false,
            "name": "asn:asn=\"135330\"",
            "relationship_type": ""
          },
          {
            "colour": "#0048a1",
            "local": false,
            "name": "asn:as-owner=\"ADCDATACOM-AS-AP ADCDATA.COM\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041094",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "70d9d261-afe5-4a14-bf63-3f3ff19c4099",
        "value": "154.90.47.123",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e7643a",
            "local": false,
            "name": "asn:asn=\"138915\"",
            "relationship_type": ""
          },
          {
            "colour": "#1ec497",
            "local": false,
            "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RedDelta C2 Servers (October\u2013December 2024)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041095",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c574a29c-6c3d-48c4-bb11-73949b46c664",
        "value": "147.78.12.202",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#15dbfe",
            "local": false,
            "name": "asn:asn=\"212238\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f1556",
            "local": false,
            "name": "asn:as-owner=\"CDNEXT\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770862895",
        "to_ids": false,
        "type": "comment",
        "uuid": "6612cdbb-b8dd-4804-8930-265e9f43baaa",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2025/250111-Reddelta/1.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827548",
        "uuid": "23c02dc5-5d23-4e8e-b94c-e009241e6b58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827548",
            "to_ids": true,
            "type": "md5",
            "uuid": "85772a6e-84f6-4ef1-a30c-8d3326c098e0",
            "value": "b919ab6f54f632401d708c66675da07d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823553",
            "to_ids": true,
            "type": "sha1",
            "uuid": "63a3456a-9356-4656-bc9b-57e2b4039712",
            "value": "d1b311cbb266629bd9132631304bd2e74e0804e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823553",
            "to_ids": true,
            "type": "sha256",
            "uuid": "63028bb9-76a2-44dd-b20d-24936f56197b",
            "value": "a0a3eeb6973f12fe61e6e90fe5fe8e406a8e00b31b1511a0dfe9a88109d0d129",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821021",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e8810e4a-0693-442b-ba91-78b1ce1b77c8",
            "value": "24:8sjS6ctpo4jj9ABvURS9ABvU4nacPWk+/CW:8KS6Mpo8jUvASUvbJN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821021",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4d3fcd0c-eeb8-4725-9ba5-44e42d6ee116",
            "value": "7918"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821021",
            "to_ids": true,
            "type": "vhash",
            "uuid": "be341b58-d0d1-45cc-8c2b-969ad8ae9716",
            "value": "5fdd6c0d35f9bc948e109dc1e6e1dc3c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821021",
            "to_ids": true,
            "type": "filename",
            "uuid": "3abe12a0-bc78-4ed7-9b9d-e1fba828781f",
            "value": "a0a3eeb.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821021",
            "to_ids": false,
            "type": "text",
            "uuid": "4cb6d4d1-6915-4cab-bb2d-e9a027fdfdb7",
            "value": "Shortcut (LNK) File\r\nType Description: Windows shortcut\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/WinLNK!MSR\nSentinelOne: Static AI - Suspicious LNK\nVT Total Detection:34/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827570",
        "uuid": "0093c20b-ab37-4532-a1b3-829cc33571bc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827570",
            "to_ids": true,
            "type": "md5",
            "uuid": "0adc7a60-8a21-4318-af5f-ea83c5d479b1",
            "value": "5968126b6f6c64e8ee24c60a15c0c684",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823554",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d25e3967-a9f7-4880-813e-6db89431caf7",
            "value": "f90a9ab03fd2bc2f1b6733a463b4da480d7fc0f4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Shortcut (LNK) File",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823554",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4a7984a8-ef65-493c-a623-63fa7975a6b6",
            "value": "74f3101e869cedb3fc6608baa21f91290bb3db41c4260efe86f9aeb7279f18a1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821303",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "65d3ba30-2e3e-45f8-a596-eca7a390fab0",
            "value": "12:8MVRsfUGsSXqlqQ/2nG2p3GP4jsGnGCk7ess9SYtGnGCk7ess97YlxWfcPjjInkw:8MRjS6ctpo4jj9qwjS9qweYcPWk+/CW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821303",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "49d5bc23-b710-452f-a544-9e6cb40cdb88",
            "value": "8010"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821303",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9d57df6a-0183-4f19-9991-96ff209f9e49",
            "value": "5fdd6c0d35f9bc948e109dc1e6e1dc3c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821303",
            "to_ids": true,
            "type": "filename",
            "uuid": "3815ef2c-b5f2-48da-9392-2a3c3d086bea",
            "value": "\u9078\u8209\u6c11\u610f\u8abf\u67e5\u7814\u7a76\u554f\u5377.lnk"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821303",
            "to_ids": false,
            "type": "text",
            "uuid": "89981caf-ce89-451a-a3e0-bc901b46383e",
            "value": "Shortcut (LNK) File\r\nType Description: Windows shortcut\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/WinLNK!MSR\nSentinelOne: Static AI - Suspicious LNK\nVT Total Detection:32/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827591",
        "uuid": "bcaf7d65-b333-409e-8fe5-5531ff71e630",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827591",
            "to_ids": true,
            "type": "md5",
            "uuid": "6425badf-27b5-4cf7-ab97-ab8492c487df",
            "value": "6aeeedbc67d02e4b2a5a5440570d4319",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823556",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e43fe34d-d9d2-4d13-ae77-0b386f680ec9",
            "value": "08a1125fa3de9dd86eba3fbfb7781f885b173cd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823556",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ed834ea6-11d1-45f8-90fc-8d3c6654ec27",
            "value": "1cbf860e99dcd2594a9de3c616ee86c894d85145bc42e55f4fed3a31ef7c2292",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821324",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "230b6f73-3a13-4f4a-b48a-b1f14ba79c4d",
            "value": "384:w4EBEHVRFpBjYishqgaqarBsBI92v1GOWPnQB+7WFpj:V3HDFpdYi7gaSa92sY6WFpj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821324",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b11c7f27-b9f5-4057-973e-2e45025f42ce",
            "value": "144866"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821324",
            "to_ids": true,
            "type": "filename",
            "uuid": "d434442b-4ced-43a2-aedb-60087d3a1aa9",
            "value": "invitation.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821324",
            "to_ids": false,
            "type": "text",
            "uuid": "839012a7-afa2-4dd6-a4b9-5944bba61425",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:O97M/Malgent!MSR\nSentinelOne: None\nVT Total Detection:30/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827612",
        "uuid": "cf066620-3e5c-4f2c-be2e-cec178e0666a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827612",
            "to_ids": true,
            "type": "md5",
            "uuid": "4031adf2-9854-4a95-ae97-c09a5c8888ca",
            "value": "f6edc0354c72f0cd37899d25992364e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823557",
            "to_ids": true,
            "type": "sha1",
            "uuid": "00904afa-20a2-47bc-ba68-d4f7acd68720",
            "value": "87f9218db7c6b2bd92b927533a80d15be5647919",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823557",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4588373d-f212-4ef6-b55e-01827a841ee5",
            "value": "54549745868b27f5e533a99b3c10f29bc5504d01bd0792568f2ad1569625b1fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821346",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a81d3cc9-7f8a-4dda-926a-2122c20e8519",
            "value": "768:QDodWCHuEwz2TZo9bCJffZa92PDodWCrWyFph:QKw96TPKBN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821346",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2a3a0afd-9f0c-44b6-9266-47c25df8e150",
            "value": "144850"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821346",
            "to_ids": true,
            "type": "filename",
            "uuid": "23f99d93-337a-4b18-9948-9714612f3849",
            "value": "240422 264-24 SOLO airfield surveys.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821346",
            "to_ids": false,
            "type": "text",
            "uuid": "9c086afc-f651-4e5c-b236-015e01d32841",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:O97M/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827633",
        "uuid": "1267ba56-2061-4817-9564-1a213db22305",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827633",
            "to_ids": true,
            "type": "md5",
            "uuid": "2dc6293f-7810-4f4d-961c-000e95c4e324",
            "value": "226b14ecc07e900a2ee4fd99db2d4489",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823559",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1cf660a2-c22e-471f-80f1-fd9d89b6bcc0",
            "value": "07bf9756385e2e4373a5bfadc591d3a6a4dec68f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823559",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e418d0b-1bb9-43dd-a514-59f7a8e13f31",
            "value": "8c9e1f17e82369d857e5bf3c41f0609b1e75fd5a4080634bc8ae7291ebe2186c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821367",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bf0f3851-eecb-4d82-bacb-9cbb0948cac7",
            "value": "384:w4EXyXsRFpBjYishqgaqarBsBI92v1GOWPnQB+7WFpj:VLX6FpdYi7gaSa92sY6WFpj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821367",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a92a5713-9a47-487e-bb71-0b39eda54759",
            "value": "144842"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821367",
            "to_ids": true,
            "type": "filename",
            "uuid": "1b3d77bc-b896-4ee6-80b2-eb45aa41a552",
            "value": "Meeting Invitation.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821367",
            "to_ids": false,
            "type": "text",
            "uuid": "faece536-563f-4a54-bf24-441473f1e530",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:O97M/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "dd9685c3-cc65-4952-842f-cd094837d9ce",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "ffdf3f1a-e9e3-47bd-8c52-978e622a328c",
            "value": "dcff629818a142ad408eed934677c046",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "26ab4206-a65c-4bd8-8af6-ac73cd0a8e8e",
            "value": "aee975f226d76b5ee8ed25b2239187d335a631ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e8d0853a-ee50-4b57-86e9-7c744e1c7e6b",
            "value": "d0c4eb52ea0041cab5d9e1aea17e0fe8a588879a03415f609b195cfbd69caafc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821389",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "703ab386-ec62-40a2-b3df-8c415d09de52",
            "value": "192:f0lAsYM5Wz8J03D3dasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/2CW:OBJ0DdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821389",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5be3c7d6-4d84-4716-9a50-2c1973402f0c",
            "value": "85149"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821389",
            "to_ids": true,
            "type": "filename",
            "uuid": "ecff189b-b6b4-4e42-aa1e-4e2ac7330f73",
            "value": "Meeting.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821389",
            "to_ids": false,
            "type": "text",
            "uuid": "c7759054-cd0f-41a4-b4ee-7adb1221a4a8",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:Script/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "835f00af-e4ca-4434-90dd-a960ba31b4d6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "f26248c4-c50b-44b3-a813-a5e71d6ba0d1",
            "value": "c9bf96f6e5273fda4822e79752e2140a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b6b516a8-e306-4abd-9e8c-fa6df735abfa",
            "value": "a1abe9f17e41596aea6748b0197a29aa990f122b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2d31880a-c239-41bd-98aa-f703d2a99907",
            "value": "ca0dfda9a329f5729b3ca07c6578b3b6560e7cfaeff8d988d1fe8c9ca6896da5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821410",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e26c31ff-acfe-4397-a449-fc714ee50148",
            "value": "192:f0lAsYM509Gz8J091DdasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/U:OYJ0HdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821410",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "39f12dff-d907-4930-97a1-ddc20eb4a7f5",
            "value": "85164"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821410",
            "to_ids": true,
            "type": "filename",
            "uuid": "2bd4ed01-223e-4801-bb0d-082fd7836b56",
            "value": "Meeting invitation.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821410",
            "to_ids": false,
            "type": "text",
            "uuid": "d737278e-697a-4431-b0e2-1c60c5f30966",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:Script/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "3b9e4635-ea6a-4a7c-ae02-273f4d34ea3f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "72b2f319-2471-44b1-a263-eb8f126c1792",
            "value": "bf7a1b294efe4f37da8ead2e04968360",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2683151c-a2b3-4db7-89d4-3ae4eb3ce2de",
            "value": "22d8b1ecd43cda85629a7b5dd118b0913ec133dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8173d15f-ed8d-4cea-90ff-9acddcafe8e2",
            "value": "6784b646378c650a86ba4fdd4baaaf608e5ecdf171c71bb7720f83965cc8c96f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821432",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "55c99491-2b3f-4713-a79d-94455c63d0a6",
            "value": "192:f0lAsYM5/z8J0V9bdasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/2CW:OCJ0XdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821432",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7e6d26c6-be8b-49f4-a7cb-d1066aa3c4aa",
            "value": "85161"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821432",
            "to_ids": true,
            "type": "filename",
            "uuid": "7ea43dfb-028d-4a24-9e90-947e63635737",
            "value": "Meeting.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821432",
            "to_ids": false,
            "type": "text",
            "uuid": "fcb2cea7-c5b0-4efd-bd55-8c51dc51101a",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:Script/Malgent!MSR\nSentinelOne: None\nVT Total Detection:32/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827718",
        "uuid": "88510424-bf1c-4cd5-9faf-93350c36b571",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827718",
            "to_ids": true,
            "type": "md5",
            "uuid": "ca9fdb56-1977-4f4f-b973-f463d0beb1fe",
            "value": "5cff45a0307b8d7564a19ccc0c23702e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823564",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d27f7d6-c2c7-4de4-b4b8-9136e5c57995",
            "value": "b9b552ef5e41d61890e8821639d360af72bcb8d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823564",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3a9f091-55ee-4260-9abe-2c52cd652357",
            "value": "00619a5312d6957248bac777c44c0e9dd871950c6785830695c51184217a1437",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821453",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2e929819-8825-448f-b6a2-4147b0bfe165",
            "value": "192:f0lAsYM5Vz8J0Q0IdasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/2CW:O0J0sdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821453",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5d6d9357-6def-4132-9997-8f688d535fe8",
            "value": "85133"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821453",
            "to_ids": true,
            "type": "filename",
            "uuid": "9bad2776-c59d-4249-85f5-186aec78917a",
            "value": "Pg 151 vv nghi le Quoc khanh 2.9.msc.1"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821453",
            "to_ids": false,
            "type": "text",
            "uuid": "fd857ec5-2aad-4854-9cac-a542800d6fbc",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: TrojanDownloader:XML/URLRedirectDownload.A\nSentinelOne: None\nVT Total Detection:27/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827739",
        "uuid": "8995ddad-084e-418a-83f2-41ed88f1764c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827739",
            "to_ids": true,
            "type": "md5",
            "uuid": "c27d5d6e-355c-443b-a4a5-ff224d9399f7",
            "value": "d707b44aecc91c956df6fba7885d8ba1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823566",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f2a2b35-9f9a-48df-be57-5ccc910588e7",
            "value": "a3cc29e7590c761b1b4674a50032c191ecfa1143",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823566",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bacf03dc-61af-4059-ab30-75ae60d7fd63",
            "value": "eae187a91f97838dbb327b684d6a954beee49f522a829a1b51c1621218039040",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821474",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7ebcab59-9723-4950-9d4e-9291eaf1d1c4",
            "value": "192:f0lAsYM5Iz8J0W2mdjqoR24g4PMCYPLdFYwq0czs1W792zxaMMEiDt0hNDEh:OrJ0Odhx+9692zxaMMEkt0hNDEh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821475",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "545d22a0-2e54-40d5-87dd-65f552617ffe",
            "value": "85147"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821475",
            "to_ids": true,
            "type": "filename",
            "uuid": "b2ffc808-cb38-4993-bf94-9fe38be1e531",
            "value": "BCTT 02.9 AM Final.docx.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821475",
            "to_ids": false,
            "type": "text",
            "uuid": "11a95ed0-df4e-47db-af94-fdeb43bbe20a",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: TrojanDownloader:XML/URLRedirectDownload.A\nSentinelOne: None\nVT Total Detection:28/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "8d0b9692-35a3-4afa-81af-9de86423a254",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb86dcce-a572-48c4-881d-880832c2fcdc",
            "value": "512e26cf94f44c2a80d8fed73995c778",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6aa95937-90d7-4a9e-96ec-c2f78c7e1ca8",
            "value": "27634cb05cc75f4db0dd3d45ba240a52d070d4fc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ad0376af-9e15-49a5-bf14-72cefc9be432",
            "value": "c1f27bed733c5bcf76d2e37e1f905d6c4e7abaeb0ea8975fca2d300c19c5e84f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821496",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "81f15b07-f143-4631-9fc6-97b3c87519b4",
            "value": "192:f0lAswM0CESz8J0aCodasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/U:OxEnJ0UdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821496",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4eac42cc-b7e1-48ff-abb0-2a6378277a20",
            "value": "87486"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821496",
            "to_ids": true,
            "type": "filename",
            "uuid": "02ec2aee-6029-4071-9669-6e032007ccc5",
            "value": "c1f27bed733c5bcf76d2e37e1f905d6c4e7abaeb0ea8975fca2d300c19c5e84f.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821496",
            "to_ids": false,
            "type": "text",
            "uuid": "c17abbdd-9762-43cf-b935-881ad54b8586",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: TrojanDownloader:XML/URLRedirectDownload.A\nSentinelOne: None\nVT Total Detection:28/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "7608a237-9b1f-4f3d-9239-e5850682ed96",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "a717d376-9cd4-42c5-a258-14c9b4f34c1d",
            "value": "026a6ed068b12ea1447ca20d4f82452f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "832bb2d9-f5b9-4e0f-ad64-7a83b0884af3",
            "value": "9bfd0e7ec77143943e56da46d6baee7d74cc8757",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5ec1bfe6-adc0-48cd-be59-58db924df8fc",
            "value": "397afb74746b2fe01abc63789412b38f44ceb234a278a04b85b2bb5b4e64cc8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821517",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5dc5d1ec-9936-4ae2-8c1e-701f42d3ba25",
            "value": "192:f0lAswM0m+kz8J0fD1dasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/U:O6JJ0BdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821517",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8e4fac5b-9e20-4c3c-8d49-ca09dcc4a319",
            "value": "87520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821517",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8e1b9a1-f2fb-4780-8a3a-ff58dee05bab",
            "value": "89697406.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821517",
            "to_ids": false,
            "type": "text",
            "uuid": "1f564aa6-0470-481c-b3f6-51c52f4d5ab9",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan.Gen.NPE\nMicrosoft: TrojanDownloader:XML/URLRedirectDownload.A\nSentinelOne: None\nVT Total Detection:29/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "ba36b3a2-303d-4d62-9221-a1672c3fb282",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "1aa706d8-168b-418c-8ea9-dd5b2243b095",
            "value": "6f5753680566c6d9f1a431e99c2370fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4dcffce1-2116-40e0-bd11-a9349d24ad12",
            "value": "81a8950576035b623b3e528637a0a5854dcec2eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cfc667de-e381-45a8-8de3-dd6d12f9d069",
            "value": "49abaa2ba33af3ebde62af1979ed7a4429866f4f708e0d8e9cfffcfa7a279604",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821538",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c19e0653-db02-4a2f-b47d-6683dedb4657",
            "value": "384:nphsI8DKCbiiNPyVIB7nstz5R0WBI92vxGOWPnQB+YV5qB:XYDpiiNPydzRva92oY7qB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821538",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b98ad74e-b7d5-49a9-86b9-5dd61d2f56a4",
            "value": "144881"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821538",
            "to_ids": true,
            "type": "filename",
            "uuid": "3503d16a-0485-4332-a27d-b2b030aa485d",
            "value": "Meeting  Procedure.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821538",
            "to_ids": false,
            "type": "text",
            "uuid": "c1baf056-466c-46a0-9bd7-5624c6b63e94",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:28/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827824",
        "uuid": "64e485a4-a8ad-4f5c-a232-94d92318f0c8",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827824",
            "to_ids": true,
            "type": "md5",
            "uuid": "a107884b-44ad-454b-bbb0-625f9175b4d9",
            "value": "b7891b8d75a0a185de4de71c2522cef5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823572",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e6269220-2c75-4490-b0fe-9a1ecc7ccda9",
            "value": "b6f020b568b604205a93025fe9b00a10db830629",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823572",
            "to_ids": true,
            "type": "sha256",
            "uuid": "864a11ff-0d20-4cc2-b7ed-8d984bcdb65f",
            "value": "3e6772aca8bb8e71956349f1ea9fecda5d9b9cfa00f8cdbf846c169ab468a370",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821560",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7c1d42b3-1d11-4178-a94d-649929234d8f",
            "value": "192:f0lAsYM5Zoz8J0nnLdasPPPPWmxWqWPPPPP5/PPPB9Ef/Hk95vPPPPPPPNdJt/2l:OnVJ0LdaxmGnE3Ert2jWe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821560",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "adc3d3fb-74ef-4d9e-9b0a-339b20b360c0",
            "value": "85152"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821560",
            "to_ids": true,
            "type": "filename",
            "uuid": "29073197-240a-4f58-80a1-28d181a8f53a",
            "value": "Meeting request.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821560",
            "to_ids": false,
            "type": "text",
            "uuid": "068d62d9-2fc2-45f9-8ee2-347e3824de61",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: TrojanDownloader:XML/URLRedirectDownload.A\nSentinelOne: None\nVT Total Detection:29/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827845",
        "uuid": "8bdd4191-1d2c-44e1-bf8f-b89d6eb35fe3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827845",
            "to_ids": true,
            "type": "md5",
            "uuid": "abd3c566-a9c6-441e-ac62-f5a2e6153be7",
            "value": "5eae3d3b9aeeb0a4186ad3b68ff2da59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823574",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6405c17d-8645-4a51-8762-f58e6e502174",
            "value": "fc8d5e3ffc56198118b1d5155c9116a242008809",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823574",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c32f7767-6797-465a-8ba1-96d23a13de5b",
            "value": "f0aa5a27ea01362dce9ced3685961d599e1c9203eef171b76c855a3db41f1ec6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821581",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c7bbb68-6cdc-4fe4-94f2-9e74e5d4a2ce",
            "value": "384:npEy9I8DKCbiiNPyVIB7nstz5R0WBI92vxGOWPnQB+YV5qB:jPDpiiNPydzRva92oY7qB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821581",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cba20bf4-709c-4694-a37c-ec9289fff5ea",
            "value": "144844"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821581",
            "to_ids": true,
            "type": "filename",
            "uuid": "b93eaa2c-955f-4111-bfad-f754e3246a77",
            "value": "\u0428\u0443\u0443\u0440\u0445\u0430\u0439 \u043c\u044d\u0434\u044d\u044d 2024-05-27 -.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821581",
            "to_ids": false,
            "type": "text",
            "uuid": "2fb3ba88-8dad-45d8-a731-417fe7386089",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:O97M/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827866",
        "uuid": "e7c1d35a-a991-4ca9-9a14-df62cba84302",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827866",
            "to_ids": true,
            "type": "md5",
            "uuid": "bb68936d-eca5-4187-a72a-74ca6deafccb",
            "value": "f5f51b41603bf120c4d9cd2f392b6bd6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823575",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2ccceb0b-a24c-494b-9c45-da50539e47a1",
            "value": "a8a7c84adc604f64a3800fb7bba4262c103d7531",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSC file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823575",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0e6409b1-6585-44a1-8eb2-0be4f4185679",
            "value": "e81982e40ee5aaed85817343464d621179a311855ca7bcc514d70f47ed5a2c67",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821603",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "446f3015-bce6-4a57-ada9-54f57573d346",
            "value": "384:w41lXsRFpBjYishqgaqarBsBI92v1GOWPnQB+7WFpj:VnX6FpdYi7gaSa92sY6WFpj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821603",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3781268e-9d75-4eab-9a2d-41ad08b2efdf",
            "value": "144894"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821603",
            "to_ids": true,
            "type": "filename",
            "uuid": "258a7b8f-aec2-472b-9cc8-58f936933d4e",
            "value": "Meeting Invitation.msc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821603",
            "to_ids": false,
            "type": "text",
            "uuid": "92c9f38c-982a-4309-8789-c3e4a42539e8",
            "value": "MSC file\r\nType Description: XML\nSymantec: Trojan Horse\nMicrosoft: Trojan:O97M/Malgent!MSR\nSentinelOne: None\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827888",
        "uuid": "b471f743-1621-44e1-b19a-43acc085fd3a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827888",
            "to_ids": true,
            "type": "md5",
            "uuid": "50332ac6-df57-4a71-b97c-01e29f4ace80",
            "value": "204a12016c46d31d615c38b13f6ad7ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823577",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6dc1526e-e922-4036-b701-bd0864070c30",
            "value": "8a601eb85faf540a368739fa57da544b9888ca5b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823577",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6a5cec35-e846-4af1-a562-44315eef864a",
            "value": "471e61015ff18349f4bf357447597a54579839336188d98d299b14cff458d132",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821624",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "37897ee2-0900-4f34-bfa2-fb187d7c4265",
            "value": "24576:VMw6K6nOZ9U8uUwESNRJHpNtCaRPOEKwIxOUYhvundn:VMw6KhZ9UdUQRRpvR2EKw+ON4R"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821624",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fd453a26-8c0c-477d-a78b-6c6733ace86b",
            "value": "970752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821624",
            "to_ids": true,
            "type": "vhash",
            "uuid": "08820de6-9f55-4f49-9a82-c37dddece523",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821624",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ecf0f5f-d28d-4d7f-8e18-25e74fe6b406",
            "value": "4_edr71e61015ff18349f4bf357447597a54579839336188d98d299b14cff458d132XxX30Fpx.fpx"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821624",
            "to_ids": false,
            "type": "text",
            "uuid": "da818587-9fdb-404c-b991-7e19d91c5b51",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:41/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827909",
        "uuid": "a919b9fc-82d4-416d-adfa-a568c2b0fe36",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827909",
            "to_ids": true,
            "type": "md5",
            "uuid": "4dc9de82-6cf1-450e-a7be-6a29b0591b16",
            "value": "6da30fa0f72aeb1f4d399ddfffeea04d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823578",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4d60be8-685b-4b8a-b9ee-7b8749235f52",
            "value": "ace88cc96147418a0e839f7161cfd4ea2d8ca73b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823578",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0c38cce9-b650-42ec-8a6b-78bc2727609c",
            "value": "7c741c8bcd19990140f3fa4aa95bb195929c9429fc47f95cf4ab9fad03040f7b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821645",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3d769750-6153-42ea-82c0-69840014685a",
            "value": "24576:+WwisGZLJrR757l10v8cbIJHwE78YlO9EoSv:+WwmZD57wv8c8JHw0F1oS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821645",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e22c3d7f-0bd6-4061-aecd-72cabf2614cd",
            "value": "868352"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821645",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4a778725-af51-427d-b7ef-00303730bf2c",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821645",
            "to_ids": true,
            "type": "filename",
            "uuid": "81979f31-7671-4dbb-bb28-72d30ec8076c",
            "value": "7c_edr741c8bcd19990140f3fa4aa95bb195929c9429fc47f95cf4ab9fad03040f7bXxX44Fpx.fpx"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821645",
            "to_ids": false,
            "type": "text",
            "uuid": "86a1438b-76fb-4042-b7d4-114ada14fbb7",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:42/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827930",
        "uuid": "bbb45a87-b601-42b0-9f32-d4209754f55e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827930",
            "to_ids": true,
            "type": "md5",
            "uuid": "511886a1-61e6-4e24-b135-7cdf4a3966d0",
            "value": "012ffc7ae4d2ba4e725c0a47f69b3372",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823579",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d9a72013-01c1-4ede-b86d-6372882dec5a",
            "value": "56e1a79d2209dfa1b7b62bcc67e8e270edc70496",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823579",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4d6df366-b15d-44bf-8e61-14bb9c929858",
            "value": "1efe366230043521c1f55cc049117a65acd1a29f4470446ad277f57c4f3a2feb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821667",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "647bcab5-02e9-451a-9368-9936cf9f1083",
            "value": "12288:Url8gnFw8Hm5ZRGGkkYi755Y+Nzy5m2I/Ikxzh8+9t324BHGMAET2NOKsYm2wo1:YC8HmNYxoO5TQzh8+9t324xGMA4Dxawo"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821667",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "753d78d1-fe55-4a1e-9d48-f0167e701747",
            "value": "757760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821667",
            "to_ids": true,
            "type": "vhash",
            "uuid": "284b2c58-752a-4820-ba99-e152ec623c60",
            "value": "39daf4d6c9cf09ed46c410fe24997e1c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821667",
            "to_ids": true,
            "type": "filename",
            "uuid": "ac982d21-168a-4489-9dc5-fdd18482fa5c",
            "value": "4ad876.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821667",
            "to_ids": false,
            "type": "text",
            "uuid": "0fcdbaf5-9711-4ef2-bfb3-c18e6946b962",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:35/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827951",
        "uuid": "43504c09-5ad2-48be-8ed3-3049c0a5efc4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827951",
            "to_ids": true,
            "type": "md5",
            "uuid": "aeed477a-5976-4c56-aafb-5fe9e62ba984",
            "value": "046ed53976d5b684b5270291a0ef0b3f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823581",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8144feed-1285-4c40-826e-7115f31445b0",
            "value": "fb2411fb53fa6f8b37c4f4a47c508e40c7c08e49",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823581",
            "to_ids": true,
            "type": "sha256",
            "uuid": "793cc7cd-41c7-4aeb-8565-8ffb96ad38a7",
            "value": "7a2994a6b61ee8ac668e41e622edfa7ae7e06b66d80c2a535f5822bc98058c33",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821688",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "dbcf5bd9-f2f0-4ae7-8f8e-6e58e97feec8",
            "value": "12288:vJFiiet3SMBrS2lZQbEktsOLIGyLSrGg4Ly+xERUpeqB3OL7DZuy9:x88+1lZQhts0IFWGy+xGwOvYW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821688",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7d25ec6f-7b23-4508-a4f3-bfed10a72244",
            "value": "757760"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821688",
            "to_ids": true,
            "type": "vhash",
            "uuid": "76bf559b-4efe-4be1-a596-188e5fbd54ba",
            "value": "39daf4d6c9cf09ed46c410fe24997e1c"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821688",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b9ba743-7629-4766-bb81-64f004fcaaf8",
            "value": "641eeb.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821688",
            "to_ids": false,
            "type": "text",
            "uuid": "5577568c-6ea9-4498-9ee7-3603195980d0",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:37/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827972",
        "uuid": "0e390447-2e60-4419-8e3e-81a8b67fab91",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827972",
            "to_ids": true,
            "type": "md5",
            "uuid": "d3f48bed-0b05-44eb-874f-cce0916ab06c",
            "value": "9ee6e8f633764c06142c9abeddb9f04c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823582",
            "to_ids": true,
            "type": "sha1",
            "uuid": "47f9e4b6-5729-48f7-ae1f-a8ba87a77fff",
            "value": "f21fbe42eba84d6300e6f4cf59426d2f10a1ed09",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823582",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f6342fe7-ce6f-487e-88b7-35025bd47828",
            "value": "364f38b48565814b576f482c1e0eb4c8d58effcd033fd45136ee00640a2b5321",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821709",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ec913f3b-8e05-4994-9d29-69763d6c4fa7",
            "value": "24576:jIw1lf8K4fnJZlJr63G/U9PxjnAuyX4kiS/X:jIw1lf8xfnJZf/CPxjnDbk9v"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821709",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cc5f643d-6f41-4ab4-a650-3c38efd10f12",
            "value": "942080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821709",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cf50cfe3-8cf3-4b7d-bc3b-94ec9dffc598",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821709",
            "to_ids": true,
            "type": "filename",
            "uuid": "37d68cff-f4f6-49a7-849a-c0002299ecd3",
            "value": "6460c7.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821709",
            "to_ids": false,
            "type": "text",
            "uuid": "25ac72bb-ebca-44d6-8697-70cadad9bbeb",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:37/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736827995",
        "uuid": "def23c29-e975-4a8e-844e-8b0f90205926",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736827995",
            "to_ids": true,
            "type": "md5",
            "uuid": "8414b67f-7a18-4a7e-8454-68221c4e6736",
            "value": "aec98e476bf077bddcb5431ed579ca47",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823584",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fa961cde-db58-4b7e-bfc9-e31a50bd5cc0",
            "value": "aa9c7ae9e9f01888e26afe47fd8b28ef1177b0ba",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823584",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9f31a1d6-9cd1-4e2c-8315-f5cddc005f5d",
            "value": "d4b9f7c167bc69471baf9e18afd924cf9583b12eee0f088c98abfc55efd77617",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821731",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4bbca524-4591-4bc5-a90f-ddaf2923f6ec",
            "value": "12288:j9zMrusXJhxskUlLsa3UK6rTFT0UWNP/myYUaoL9eZJ+p9zR2ORWDun2BY0e:WyYpUSauFYxmvq9r9zkOYC2e0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821731",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fee9f93c-46a5-4b0f-98c9-64d765943c18",
            "value": "819200"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821731",
            "to_ids": true,
            "type": "vhash",
            "uuid": "27e9abab-71ff-4884-95ae-b0a7130b234d",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821731",
            "to_ids": true,
            "type": "filename",
            "uuid": "dbd07788-6961-420d-94c0-99a30cfabed1",
            "value": "brjwcabz.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821731",
            "to_ids": false,
            "type": "text",
            "uuid": "988cf46b-8871-4a75-bd41-fdb090144ef9",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:36/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828016",
        "uuid": "bbdf2a9f-b38c-479e-bf0b-b3007097f6f5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828016",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae0a637e-5fc9-4c22-ac4d-4985661bb8df",
            "value": "4489b4e05a9fae397ad5ef4d6b00ca5d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823585",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a65dc8e-1925-47f3-a799-51e0171e45ee",
            "value": "b0c555325bad495dbdd197adba231ca7e58e074c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823585",
            "to_ids": true,
            "type": "sha256",
            "uuid": "208f2081-29e6-46eb-a868-a862dfb637a4",
            "value": "dbe26b8c3a75f2a78e1a47e021e5ed0087dd8433a667ab8238385529239f108e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821752",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3b3e4b2f-1488-4fbd-a985-d64cbff2497a",
            "value": "12288:SGo3iiMYKiWhmg0AYEVDnYwlu6xJ3TCwZ1gSRS8HYoajZ6rbs9d5n7A6/0qW8k:7o3ii8XpDYwllOklR2BGsndA6/Zk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821752",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c8d96a74-3a12-4876-a9c1-707850150c31",
            "value": "823296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821752",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3fb1fea3-5085-4df1-a099-60cca97cbaf6",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821752",
            "to_ids": true,
            "type": "filename",
            "uuid": "c6966e8f-0978-43a5-8a68-aaca267dc6f9",
            "value": "DBE26B8C3A75F2A78E1A47E021E5ED0087DD8433A667AB8238385529239F108E.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821752",
            "to_ids": false,
            "type": "text",
            "uuid": "07b6cdd1-eb81-4657-9cf2-5b7701da0de2",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:41/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "cc2ed89f-89d6-44cd-ae26-a832072cee44",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "d72bf442-9f7e-4803-876b-41d645b39590",
            "value": "9794bd903f9baf249251c3beb693fbc9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f0fac419-9a2f-44cc-954e-8fc25b8401ad",
            "value": "7484ff4f837cad55c85cac20c3597eb683852068",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a099efba-7094-444e-b2aa-2dae280e8ca7",
            "value": "71e462aaca0f2d8c8a685756b070d017c796de6ac22021a79d922f2f182d4fb0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821774",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f58fca60-b7e8-458a-91e4-1d1755f4ddb4",
            "value": "24576:3XZFaDUZ09brk4FtSVUfTH59GPUvETHFarClEziowgF2JNtfSJJAUQKo:3XKDUC9brNYVULH79vqlExFmNtMXS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821774",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4604c4ec-f726-4e1b-9723-38191aa693c1",
            "value": "1196032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821774",
            "to_ids": true,
            "type": "vhash",
            "uuid": "86614db0-bfd2-49a1-8950-b4138dd0bace",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821774",
            "to_ids": true,
            "type": "filename",
            "uuid": "0c663c31-309d-4b06-9aee-a3ffb09d85e0",
            "value": "672063218.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821774",
            "to_ids": false,
            "type": "text",
            "uuid": "1be2fc56-73c2-4b75-bfe5-911ec1e000eb",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:41/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "1ecdcaca-0e25-46f8-9922-ab6e8bd3025a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "d6bd03cd-a531-40c8-8583-f12c4028c636",
            "value": "8b1fd0d5bbd453a52406fcae1b18c192",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3e110bcc-70da-4f01-aebe-e4e1c9f75b2b",
            "value": "694dcf2691055adbdbbed36f4e2e9582099eed8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1b17d96c-ff18-476e-8447-9de1b2ff0688",
            "value": "2d884fd8cfa585adec7407059064672d06a6f4bdc28cf4893c01262ef15ddb99",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821796",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "83666485-5cc3-41d2-a818-7a224e2887f6",
            "value": "24576:GAbsq0/9/hkL+TzSMa63/25unmBp1uO5ANs6n:Gz7Y+XSMaNumB7uMA/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821796",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c39ac7b9-aab3-4a66-b6bf-e51772620410",
            "value": "1200128"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821796",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dca52f34-c716-42aa-b6c1-3cbb250f9298",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821796",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a7a12ad-dae2-4397-9f4c-a21ac64ded5c",
            "value": "672062109.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821796",
            "to_ids": false,
            "type": "text",
            "uuid": "abc834f6-fdc1-4adb-a358-022c4e8a424f",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:39/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "1b7f1487-fda2-43c0-9684-33ec29a518b1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "d7bf982c-f563-4a1f-923b-79163193e057",
            "value": "fc997de78ccf709d1f0da8957cbd0a3e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9743c94c-e6ad-4530-915f-1afd22c50b39",
            "value": "f06adaa27b2a74d99ead4ab5f7a048fa52a961c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "85b549b7-3f19-4c0e-abd5-e7ab81d581c2",
            "value": "30fbf917d0a510b8dac3bacb0f4948f9d55bbfb0fa960b07f0af20ba4f18fc19",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821817",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "50355423-b64e-42b3-b54b-ba21a622c40e",
            "value": "24576:2XZFaDUZ09brk4FtSVUi7bU2TBG/KzX6q8QYQKxu00bTJdO/ZMUQg29:2XKDUC9brNYVUi7bRM/KLysjbTJ0OUJY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821817",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ef0be682-382d-4392-b581-c5dc8524a018",
            "value": "1196032"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821817",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb956349-2dce-43c4-ae2a-5106d9d4bfdb",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821817",
            "to_ids": true,
            "type": "filename",
            "uuid": "867b77e5-807a-485e-ae4a-a68e4bf2d8d9",
            "value": "672062109.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821817",
            "to_ids": false,
            "type": "text",
            "uuid": "6165125e-e535-4525-ac55-8d8472b92c90",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:39/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "d64d2ad9-e58b-46ea-887f-6de686de4283",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "a98a024c-d968-4853-a711-9cf2c6f2eb84",
            "value": "b37a3cf7715a5eadfb3ff8a648bea015",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cc362ec0-d393-4b34-bcd9-0e0d07e353d5",
            "value": "a178bb28a74e8986a7cf12415dd0846e2b34a2d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "390a8758-5b14-4a8e-987f-341e875cd3bf",
            "value": "2cd4fb94268ba063b1a5eea7fe87e794fecf46c0f56c2aaa81e8c9052bb4f5f2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821839",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "656e7934-163c-42a1-9543-5fcda7d2c63d",
            "value": "24576:4yj7AntiRRKTb+EkxQvljHxJ/NZTwQjsISWwpVUFxrpIlPNCF:4ygntiRRmyEksLDjT9hoVUzN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821839",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3da55832-1062-4d94-a469-51f6e84f416e",
            "value": "1212416"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821839",
            "to_ids": true,
            "type": "vhash",
            "uuid": "270b8860-7619-4e28-96b3-80b4996120a1",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821839",
            "to_ids": true,
            "type": "filename",
            "uuid": "dcb3e771-b2bf-4f43-b8d5-8f67db2af42b",
            "value": "Adobe-Setup.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821839",
            "to_ids": false,
            "type": "text",
            "uuid": "ce886ff2-0b3e-4a83-a624-ce9a6ef1d111",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:39/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "2e36b8b8-f566-4dac-b52b-0b76453695d7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "b6631c7a-c9db-479e-a929-102da39b2fd9",
            "value": "cf80bbcf2312d0e38cc65b008e5bba80",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ecc2ebd8-8a86-4249-b640-9be4a975f2ce",
            "value": "61afa81f166e3e3b5872892ecfe737e891e33e9e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "693a5e1a-722a-4bb9-8d71-5beb0479459d",
            "value": "38b2852a8dfadac620351c7bea674c29cc5aa89d051fb7acfb8d550df00d4403",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821860",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f03e20b2-9238-4a90-a5fa-1b2bf069ec43",
            "value": "49152:npfxIRVA1punQZgDH0P0qA3FUmQgtljW+eGk1OMra:npfxIvA1pQ0chPZ2OMr"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821860",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "09cc9ece-327e-4073-91d5-ee50e5e36d7e",
            "value": "2134016"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821860",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d49c44ca-1515-4351-b2d0-e29c211b0f55",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821860",
            "to_ids": true,
            "type": "filename",
            "uuid": "bf60d5c7-5814-4227-8712-8f5c7139efed",
            "value": "38b2852a8dfadac620351c7bea674c29cc5aa89d051fb7acfb8d550df00d4403.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821860",
            "to_ids": false,
            "type": "text",
            "uuid": "a7b8b7ac-99be-4609-af5c-8f5f3c92ddf2",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:40/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "067e8bc8-0cff-4a04-8b25-8d21b6da5c46",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "3b993f19-6581-445b-9f06-8eb6c521b376",
            "value": "92301e7ae0841fd24952f3811effb5d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "814c378e-480d-4c63-ba53-4586ba75ff5a",
            "value": "9e65911f17ed379425b35be056b358f1b9ec9a9b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3dcefea9-7fef-4872-a55a-75c6c30c07b0",
            "value": "34e915d93b541471a9f7e747303f456732cd48c52e91ef268e32119ea8c433c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821881",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "38cfbd67-ce01-45f7-94c3-731c3c09ea43",
            "value": "24576:6IfcLU68zSRbns2V3GM5yH7oCuiimOmzJnheLS:bfcf0YbnpgH7oCOqheG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821881",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0fa078fd-e2de-4c3b-8857-9d9c7bb27a5c",
            "value": "1445888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821881",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9ca4b59c-c625-4fde-ab50-65f259baa033",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821881",
            "to_ids": true,
            "type": "filename",
            "uuid": "fb9ee374-ca8d-4b2e-8c10-07910fb3ffeb",
            "value": "34e915d93b541471a9f7e747303f456732cd48c52e91ef268e32119ea8c433c0.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821881",
            "to_ids": false,
            "type": "text",
            "uuid": "b7ce5b70-288b-4371-ab53-1b17de1e1498",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:36/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "ef051a03-655c-4060-bcf6-bf23d3a0bfc5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "11823bbe-24ca-46c1-8b89-220069ef5c46",
            "value": "7f23b0377c7ca504fa18d04c14d8f617",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5a6b7e32-d7c5-459f-a325-062131188083",
            "value": "260dbb2ce4e70765f81a36147b39389eac42984c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3c797831-79c4-4e2e-a8ef-779d395c44e7",
            "value": "507aa944d77806b3f24a3337729b52168808e8d469e5253cbf889cdaabb5254e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821903",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e9e2a80c-77a9-4cf4-ab3c-5b649382ae24",
            "value": "24576:lXZFaDUZ09brk4FtSVUpYIYULgLKJuRMdDQksSkvB+mA418WLFH:lXKDUC9brNYVUpYIYousDQL8mFKWL9"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821903",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8753e30a-7143-4f9f-974c-07687ce4a430",
            "value": "1187840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821903",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fc094eb0-c9fc-4685-92f8-1dffb1df3366",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821903",
            "to_ids": true,
            "type": "filename",
            "uuid": "769d10fb-d344-49e0-9059-7bc21fdc811a",
            "value": "deqcehfg"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821903",
            "to_ids": false,
            "type": "text",
            "uuid": "0d414cbf-ce5b-4460-9a09-e9da4247d5d0",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:40/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981684",
        "uuid": "6183d759-9853-4aed-99da-cc6fb3e58c23",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "da14d136-835b-4e7e-9fb4-9a06ae73e186",
            "value": "7c23b3eb95d4f5be3dae181c2c473573",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6678c653-0e1b-4752-bda9-343c59974362",
            "value": "aee1cbe5eaf585bec5225cff4663ac39e858f0eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ada4b2cd-333b-49a9-8100-dd8ec564b4dc",
            "value": "976ffe00ca06a4e3d2482815c2770086e7283025eeecad0a750001dedaa2d16a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821924",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8dd83288-f679-4a91-9882-c1db76b3089e",
            "value": "24576:CwUMM47rEhBna4XB8Kl1pyCyGcocj4H1Kp1KY0mbG9IZ/:CwUJ46BaK8KRyCy1j4181KYDG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821924",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f56262bb-1eb2-4410-b402-10fdbf1acc3c",
            "value": "1114112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821924",
            "to_ids": true,
            "type": "vhash",
            "uuid": "375b61f4-8ee2-4ea0-afe7-69ba4f4891ee",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821924",
            "to_ids": true,
            "type": "filename",
            "uuid": "c87226c9-7d8e-40ec-8aad-2c15ae1e12c8",
            "value": "89715343.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821924",
            "to_ids": false,
            "type": "text",
            "uuid": "46a6cee5-7939-4abc-806b-f7d4eb2a282d",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:43/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828207",
        "uuid": "07cedd23-1669-4df0-9dcd-32ceb8160a41",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828207",
            "to_ids": true,
            "type": "md5",
            "uuid": "8527ea38-1b7b-4473-bef2-8a93dabc7052",
            "value": "e79180380997a855c8d19be02d035b7f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823600",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4c5530a6-7a6a-48f8-937a-c7ef21878d6f",
            "value": "8fabc9d73f32c0c01083b438ffc6f0d3bee6e80e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823600",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7796031d-285b-460c-818f-9022d7ca6bc9",
            "value": "c7ec098093eb08d2b36d1c37b928d716d8da021f93319a093808a7ceb3b35dc1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821945",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b2a02bac-abc7-4be2-9fa1-3f35fbfba22b",
            "value": "24576:j2XSjbixTs21LN5w6yfygtF9M5ZXn3lftfsATt:y/42Yy8vs3ftfz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821945",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "40fbafb5-d582-4d5c-8b06-9fae58f1dc2d",
            "value": "856064"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821945",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ff2dfcf3-a27e-4bef-ad61-13e87b62bd98",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821945",
            "to_ids": true,
            "type": "filename",
            "uuid": "db27a613-c73b-4610-933d-78e1a9345436",
            "value": "enmjgwvt"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821945",
            "to_ids": false,
            "type": "text",
            "uuid": "26ad28c2-6070-4d71-b6f9-18c0ba469ef0",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug!MSR\nSentinelOne: None\nVT Total Detection:43/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "ce43d908-008c-43a2-bc2e-fb26603dc92a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "md5",
            "uuid": "3b0333cc-f8c5-43bd-a9ec-9415bc27c140",
            "value": "12d532ad425a2e62083f5a448f46a141",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981684",
            "to_ids": true,
            "type": "sha1",
            "uuid": "707c0bec-b182-4690-9659-214ebfda50da",
            "value": "0cf32945929b3c0caf49f83f5d6a718f51967c38",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "884d7180-0b05-465b-a82d-d447e0fbf2f7",
            "value": "c2d259056163788dce3a98562bb3bcba3a57a23854104e58a8d0fe18200d690b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821967",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cdb44e00-90c7-483a-b4fe-d9854c69995f",
            "value": "24576:KGcka42st3bdrA/hrX8+w8WSPU5Ha0dP:KGckr2strSJX7tU560F"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821967",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "454a36af-f2b7-4942-8f2d-5d000bf70e2c",
            "value": "1200128"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821967",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9e6af793-0f60-4089-b573-c4312917d447",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821967",
            "to_ids": true,
            "type": "filename",
            "uuid": "e9398638-aca1-4991-9ad4-900c34421d31",
            "value": "672068171.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821967",
            "to_ids": false,
            "type": "text",
            "uuid": "75ab8a37-405e-40a5-9e4d-5d89da7e1a31",
            "value": "MSI file\r\nType Descriptio%WINDIR%\\Installer\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:40/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "ce6d1256-064c-4595-b1b2-548fd25bcc09",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "md5",
            "uuid": "9bb10f00-376b-4f14-9958-27256889b5c0",
            "value": "4875b23906a1e1f4d2aaed6a503cdde6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0931a6c-6f8c-479e-b5e8-9601fba660ed",
            "value": "b463f3c978f11a12e4cbdfd6ff141451ed32bb7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "MSI file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1d27cb08-6a89-4a62-9e0f-48b45a9ba1f0",
            "value": "62adbe84f0f19e897df4e0573fc048272e0b537d5b34f811162b8526b9afaf32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736821988",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e6ae9e4f-aabc-44e1-b9fa-64eff92ea2d4",
            "value": "12288:fDw8Ri4RSRlvjrFCI2+40KWISXzo1skxTn/5/9U3bbzBxMDn8SBlUGf0k+C9:fDw8RN2pT2t0nISXzoak9QBxMAzvC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736821988",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "331cdb31-7065-4c30-a396-1dd486a69a94",
            "value": "860160"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736821988",
            "to_ids": true,
            "type": "vhash",
            "uuid": "41a335e6-64b8-47b1-95a2-0a4cdd6d82b9",
            "value": "928e0b0c9b6cdd0fc10068eed4a49b06"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736821988",
            "to_ids": true,
            "type": "filename",
            "uuid": "07ccaf66-45bf-4286-9852-b6e98b1125ac",
            "value": "Adobe-Setup.msi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736821988",
            "to_ids": false,
            "type": "text",
            "uuid": "2ef60e4f-1eb1-4901-b1f9-19b46bd5dce1",
            "value": "MSI file\r\nType Description: Windows Installer\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:36/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828270",
        "uuid": "efbd1532-3d24-44ae-b2d5-9cc0029f44cf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828270",
            "to_ids": true,
            "type": "md5",
            "uuid": "8b3ba2f9-3661-43f2-9e45-665339d6ee05",
            "value": "c3b668cce4dd5a8b88cdf9e1829a3da3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823606",
            "to_ids": true,
            "type": "sha1",
            "uuid": "76092263-51c2-4afd-b10b-de880734c31a",
            "value": "e7a05c89eceae210ce9931635836953fcc18697b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823606",
            "to_ids": true,
            "type": "sha256",
            "uuid": "99018aaa-7bc9-4de5-a4b2-e45f17374e22",
            "value": "67c23db357588489031700ea8c7dc502a6081d7d1a620c03b82a8f281aa6bde6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822010",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb9b104d-a578-4b3e-8955-78be846bfb4f",
            "value": "1536:sxsGnVCNT9QhszxXt79srNeuJ9DeZpDit6qrHU+:pNTCsVp2rNHJxt6qo+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822010",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "26f29111-c54a-4d3d-91c8-bf06b054392f",
            "value": "94096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822010",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0f08a4a7-50d6-493e-9041-c3b4334f4af5",
            "value": "1940b76d15555c051d1d1az132c&z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822010",
            "to_ids": true,
            "type": "filename",
            "uuid": "8ac455a6-63c7-48c0-ad96-77c7c9511187",
            "value": "ZaiSaTKOBq"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822010",
            "to_ids": false,
            "type": "text",
            "uuid": "9834de1d-e504-4582-8151-b01e5f10b1ff",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug!MSR\nSentinelOne: None\nVT Total Detection:52/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828291",
        "uuid": "5ac62dd5-7d95-48a9-aaf0-f5a0add3ee4b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828291",
            "to_ids": true,
            "type": "md5",
            "uuid": "d0389ed9-6b71-4251-a87a-90b4ef154acb",
            "value": "97bed8414045728b9628cb64b7a9a088",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823607",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d86812a5-e218-41ae-bb29-fc8f2b737351",
            "value": "edd7f133df62d63042cae076a29399df88bf1b87",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823608",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9895538b-b07a-46b2-978d-2e6ffa853438",
            "value": "b6f375d8e75c438d63c8be429ab3b6608f1adcd233c0cc939082a6d7371c09bb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822031",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4cbb702e-9779-46b1-97fb-72d1dd08172d",
            "value": "1536:5sDzzp+zGMzLxshQ7N79VIArJIx9PjzKzM2qrHU+:556Mzdsq97I4JOKzM2qo+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822031",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dc76df8a-7734-4e3f-afed-e5c04bdddd4c",
            "value": "91024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822031",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4fb994f0-fa6a-4417-a7fe-b62b75a7566d",
            "value": "1940b76d15555c051d1d1az132b&z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822031",
            "to_ids": true,
            "type": "filename",
            "uuid": "12cef7bc-efb2-4348-a044-170720e09483",
            "value": "msi.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822031",
            "to_ids": false,
            "type": "text",
            "uuid": "f57a54a7-9480-4340-82d7-71cfddb85b0a",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828312",
        "uuid": "cdc41f33-421b-42eb-a1f0-aaad354d468f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828312",
            "to_ids": true,
            "type": "md5",
            "uuid": "76439b9e-814a-4bb2-abdf-a83b500ff201",
            "value": "052822726e282838e1c472ddc09165cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823609",
            "to_ids": true,
            "type": "sha1",
            "uuid": "890d2342-8622-45cd-a37d-4aa6a1b3a8dd",
            "value": "21e5acfc44fe3d9ba1ed01c484ffcb6d06c6b29d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823609",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e060f693-37e6-4c04-8246-dd305b0d03eb",
            "value": "367a98647dea14345e258bc01dfb77b46d1a895e91b5d088cf949de34db13f59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822265",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8a2ee2e4-acb0-492c-bd98-96b76388de37",
            "value": "1536:Zj4zIOn3o8s0svGPOkzLBD50liPSpDkZkNsWVcdVKxHEjolW:Zs3nY8s0JPOkzLzrOEV2HEjoM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822265",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d670668b-0ec4-4485-99ab-9c6c11f91860",
            "value": "84048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822265",
            "to_ids": true,
            "type": "vhash",
            "uuid": "27cc3474-36ff-4501-9bd9-bf755486cb2f",
            "value": "184046655d156az4!z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822265",
            "to_ids": true,
            "type": "filename",
            "uuid": "7d9eae79-8c69-4ad0-9aa0-033de514f86f",
            "value": "DyagfQRaP"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822265",
            "to_ids": false,
            "type": "text",
            "uuid": "9b615f27-ffd7-4d92-864f-41e4c712307b",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:47/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828334",
        "uuid": "52d66a16-1b9e-4b78-a27e-b3f32810a504",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828334",
            "to_ids": true,
            "type": "md5",
            "uuid": "f268fb5a-faf3-4ee3-8972-cc09e022a408",
            "value": "44d4ca7a07e74d7a88f637b87fdb93cd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823610",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c4149e88-0575-4c00-b09c-81f055f9437f",
            "value": "519808989cc2fba6da4e40c3a2e572f8421ebb92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823611",
            "to_ids": true,
            "type": "sha256",
            "uuid": "63f3e726-c3e7-47da-a4b3-ff3a7f566ef3",
            "value": "f2b04c3c764c85c0bedb434b55304d26d067662cd47e620e219657a0007c9fe0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822329",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e610114f-358a-4665-8e38-0ef92b92da7c",
            "value": "1536:WJ1pE/SfJ9ysbTw2PF1znjb7TPeSJDkZkNsWVcdSKlWjolW:WTpFf/ysbtPF1znsOES+WjoM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822329",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d5948d35-47b1-4add-9fc2-8fe8a9198030",
            "value": "84048"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822329",
            "to_ids": true,
            "type": "vhash",
            "uuid": "11e46b12-f04d-4ad4-9a82-35c6db64f9c5",
            "value": "184046655d156az4!z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822329",
            "to_ids": true,
            "type": "filename",
            "uuid": "d5faa736-1f30-47ae-85c4-3be910c55174",
            "value": "vHRXwdXRr"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822329",
            "to_ids": false,
            "type": "text",
            "uuid": "e1d5d893-a332-469c-821d-5d2a086a9d83",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan.Whispergate\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:49/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "986f6207-c848-4007-9045-ce3125fba1ef",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "md5",
            "uuid": "21ed20f7-ce63-48ef-8e22-844ad97b266d",
            "value": "9f57211facd9ce7e600da450bcb9aa2a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b4524b0b-cbe5-4496-b711-e3821568f5fe",
            "value": "9255a6503ae443b30230f6117948c795eeff4ea9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "74471013-25d1-45e6-9a66-56e1311fd9b8",
            "value": "c25b3a3d7779cb89772454a756ce48ed3744cf233564d309b6f8d19bd8e26fa4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822351",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eda24fa7-84cd-4412-953d-c8c39f5c7662",
            "value": "1536:soJzu0djVnw+i6n3ZIfSUH9cKh+F3wvgRgbjwrsKZfAI5fxkEu3T/t3Af:soJjjVw+FpIfDL+FAL3HaHp83Tl3g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822351",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2a4e4d53-bd4a-4572-b170-a7e3cfa16d61",
            "value": "110872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822351",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bbe49522-1e4e-4b18-a527-e42ca9303dff",
            "value": "115066655d1d05156az111f&z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822351",
            "to_ids": true,
            "type": "filename",
            "uuid": "92dc292c-32cb-45e1-ad27-96bbde25bad4",
            "value": "zzmopq"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822351",
            "to_ids": false,
            "type": "text",
            "uuid": "7d7648cf-4db0-4128-8135-b82c5199c509",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/korplug.DB!MTB\nSentinelOne: None\nVT Total Detection:51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "e295ee2b-8196-46ba-af2c-ebaeb246bf49",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "md5",
            "uuid": "af12a2c4-e0d7-4058-9dc7-a4ba359affa8",
            "value": "1fdae36641f385b30541331611105598",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c0d5aaea-02dd-462c-b469-6615658fe5e9",
            "value": "5a71752cf9ecf8909cf953c96328080a45a77736",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "377ce7be-1059-4479-9e20-c41c6328f0ff",
            "value": "1bde2b050117d7f27e55a71b4795476decace1850587a17d6cf6fd3fc030ff1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822372",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bc5e9c57-002c-4ac4-a5cd-71a12ab8e00b",
            "value": "1536:doJzu0djpnw+i6n3ZUfSUH9cKh+F3wvgRgbjwrsKZfAI5fxkEu3Tnt3Tf:doJjjpw+FpUfDL+FAL3HaHp83Tt3L"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822372",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "592b5abe-c405-485c-8540-fa9fff75e74d",
            "value": "110872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822372",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b29bef35-8ebd-401b-9d65-62cb1c023d58",
            "value": "115066655d1d05156az111f&z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822372",
            "to_ids": true,
            "type": "filename",
            "uuid": "34b22c4e-c786-47e7-9aca-7ff0b0d8c67b",
            "value": "DfASfuyn"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822372",
            "to_ids": false,
            "type": "text",
            "uuid": "7d8275e1-50f7-4c13-b200-e1af042e79c9",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/korplug.DB!MTB\nSentinelOne: None\nVT Total Detection:54/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828398",
        "uuid": "6a56d501-a596-449c-b3dd-bc3df8908384",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828398",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e8d92cf-88b4-496f-b526-dd97860f3dc7",
            "value": "72178323bf9214282fa34067b3659bae",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823615",
            "to_ids": true,
            "type": "sha1",
            "uuid": "82ffcb15-dd2e-492f-ae41-8623743d0a8a",
            "value": "2dcec99b2a7436b3ebd869a4b84d882e5df74c79",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823615",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a8905750-0dfa-4429-8104-7977432a53ed",
            "value": "73451742de056d3d06f7c42904651439198df449115f7adb08601b8104bec6fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822393",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "645566f8-d6d1-426e-a750-ed85be4b3e54",
            "value": "3072:7xRxWl9Kz55JL6TJkXSsJUViX0QHxi8/YfeziudQyIm21OpU1vXz:7FWUgTJXOnXzN/Yf5udQyS1O+1vXz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822393",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f4f43c1d-25dc-4937-90e1-11ae3afc3992",
            "value": "266180"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822393",
            "to_ids": true,
            "type": "vhash",
            "uuid": "69c4cb61-6f3b-4661-9e7b-1a39c6b2eec8",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822393",
            "to_ids": true,
            "type": "filename",
            "uuid": "ba20b107-e2c4-4428-ae5c-c4205b54fbde",
            "value": "DWTWQQE"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822393",
            "to_ids": false,
            "type": "text",
            "uuid": "2f035210-ff5a-4700-bfdf-0176e6762993",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828419",
        "uuid": "b544830b-49d3-478e-8ac4-639b7827111b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828419",
            "to_ids": true,
            "type": "md5",
            "uuid": "984ab198-0354-4a7a-9aae-aa17fafcd49d",
            "value": "5f39a964af306f40536aa6ac57b66758",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823617",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c65d3f65-b38b-4cba-80ee-554f69e97f57",
            "value": "b84a5a5837e8aa5e5c8181f4589f9ad490acb55f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823617",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e24c0467-9f79-4a73-a9f3-5931ea7800b3",
            "value": "651c096cf7043a01d939dff9ba58e4d69f15b2244c71b43bedb4ada8c37e8859",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822415",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "48cc9f8b-1f20-4370-a3ab-579b98de68be",
            "value": "1536:LYzRHigGbjJAQQXKNC6si/I/979qgkGJ01m4PxjvsqrHU+:L8GbqQQXs9sIIhsgpJwQqo+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822415",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a981e9a9-3a5e-490d-8b36-1ac29e190cf5",
            "value": "91024"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822415",
            "to_ids": true,
            "type": "vhash",
            "uuid": "003f6411-96e3-4216-9608-0470738150d2",
            "value": "1940b76d15555c051d5d1az1321&z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822415",
            "to_ids": true,
            "type": "filename",
            "uuid": "e1762481-47c8-422f-a4ff-9dc013cd5936",
            "value": "AyOyUM"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822415",
            "to_ids": false,
            "type": "text",
            "uuid": "2b2c6e62-6421-4d94-94cc-6b7ddc4200ea",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug!MSR\nSentinelOne: None\nVT Total Detection:55/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828440",
        "uuid": "0623ba43-3c70-4116-9a10-4e8cd3795533",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828440",
            "to_ids": true,
            "type": "md5",
            "uuid": "fdd4a342-b2b9-46a8-9dcb-ae6982f9f527",
            "value": "011478f93a06a229d2a2a65320571f5f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823618",
            "to_ids": true,
            "type": "sha1",
            "uuid": "10cf905b-55c3-4caf-9ed9-02daa43b521e",
            "value": "c7e9c45b18c8ab355f1c07879cce5a3e58620dd7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823618",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9444e130-ad1c-469b-bf41-285993c60df4",
            "value": "f8c1a4c3060bc139d8ac9ad88d2632d40a96a87d58aba7862f35a396a18f42e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822436",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e01fd78f-5bf7-49b1-a87c-e928ca2dcd2a",
            "value": "1536:eILxPSv49i/MvqmspYCF79SYkGJY1m4Px8vKqrHU+:ecggpsKAsYpJcvqo+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822436",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4f5a6228-99be-4a22-b294-64e4ac37cb56",
            "value": "90512"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822436",
            "to_ids": true,
            "type": "vhash",
            "uuid": "700bfd9f-452c-46ac-a011-88e533042225",
            "value": "1940b76d15555c051d5d1az1321&z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822436",
            "to_ids": true,
            "type": "filename",
            "uuid": "cbc6c6ff-4c7f-4ca7-bc19-3f159ccedbf5",
            "value": "GMOAPjaTkikm"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822436",
            "to_ids": false,
            "type": "text",
            "uuid": "92e2b26c-593e-4d4b-9196-555998f8affe",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug!MSR\nSentinelOne: None\nVT Total Detection:49/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828461",
        "uuid": "8659abbe-9fe4-4cd0-81ff-e92f61bf0b25",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828461",
            "to_ids": true,
            "type": "md5",
            "uuid": "f870cf6d-ce03-44d3-8ce9-5dda2d7b787f",
            "value": "5ff177af80ed012fe64422b7ebd52fbd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823620",
            "to_ids": true,
            "type": "sha1",
            "uuid": "08c27ea7-518f-4182-a46f-0af2381b0c7a",
            "value": "7bb6ca040d2cf1e54038ba730146ed355a7c9d06",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823620",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f6800d69-a212-4251-94a0-8c79d70b192e",
            "value": "288e79407daae7ae9483ef789d035d464cf878a611db453675ba1a2f6beb1a03",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822457",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a70f00af-4ee3-480e-a414-3301b0f31b5c",
            "value": "3072:BN2O8w/q4/Fb1wGSLlYCLKAcO/vgdfEmcZTi9n+:mO8wPNdclYiYmvgdfdaH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822457",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "55eac952-d482-43ca-b9ba-96e2cb890f36",
            "value": "134144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822457",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fda98de6-3143-4f9a-86bc-0761d97ce3f1",
            "value": "115056655d15156az45?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822457",
            "to_ids": true,
            "type": "filename",
            "uuid": "4cfbe79e-6a30-41f9-9433-08b7a9042598",
            "value": "SBwVNUWIv"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822457",
            "to_ids": false,
            "type": "text",
            "uuid": "3b9e409e-b652-483c-934c-ca86ecd9eaf5",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug.GMN!MTB\nSentinelOne: None\nVT Total Detection:51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828482",
        "uuid": "31bc5f16-794b-4a86-9566-34d7d9a32f0f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828482",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f24423a-7bb5-4e61-b7ab-94b1f4f7f672",
            "value": "4585503e498889bf80c22ed7da698fe6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823621",
            "to_ids": true,
            "type": "sha1",
            "uuid": "80c8025c-7e71-4881-8ecb-759ae6820b71",
            "value": "4c08664b601e3de3e306bdf8b88ff0e96caafcc5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823621",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7584ecf-c5b7-4e24-a78f-18adf539f7e3",
            "value": "ee9c935adae0d830cdc0fccd12b19c32be4f15dffcf454a9d807016ce59ff9a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822479",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d6bf0a8e-6621-427a-9807-485d83ea65b4",
            "value": "3072:LN2O8mq4/Fb1wGSLlYCLKAcO/vgdfMmcZTi9uu:0O84NdclYiYmvgdflam"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822479",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1f5be4f0-1174-4ddb-a76f-03ae346d7c7d",
            "value": "134144"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822479",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9bff131c-00c4-47da-b16f-23a224bf0bb8",
            "value": "115056655d15156az45?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822479",
            "to_ids": true,
            "type": "filename",
            "uuid": "8a83b6a1-cd4a-4e7c-a460-7b8e4917af4d",
            "value": "QwoWUZrCav"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822479",
            "to_ids": false,
            "type": "text",
            "uuid": "3803bfef-2db1-422c-9371-38c159643aaf",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug.GMN!MTB\nSentinelOne: None\nVT Total Detection:55/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828504",
        "uuid": "e923c44b-2616-46f6-b877-9b4906fbd6f6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828504",
            "to_ids": true,
            "type": "md5",
            "uuid": "a9b4678a-5bb9-4d87-b70d-bf21c2923aea",
            "value": "46c7df4387eac84be4e81e40cde0d9ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823623",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4417c269-9a7f-4126-aa1b-7e9989bbd959",
            "value": "7dbb43023a78a1c8eb3412e2463454cece664d41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823623",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e1c4230a-b3fe-4ac8-b1a9-f91c91b9193c",
            "value": "c5aa22163eb302ef72c553015ae78f1efe79e0167acad10047b0b25844087205",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822500",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8cf91059-24d1-4c6c-bcc8-3f401c410cf5",
            "value": "3072:GqSDk04OowLieJk5hNNvHmJjtxiVCEfeziQXJyMrJEL81vXw:GRg08leJqmtKCEf5QXJysG81vXw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822500",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "256fc12a-2247-4926-b328-92637a84ec89",
            "value": "266196"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822500",
            "to_ids": true,
            "type": "vhash",
            "uuid": "64db0158-5e39-4cb0-9106-d1d65630a783",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822500",
            "to_ids": true,
            "type": "filename",
            "uuid": "b7492be4-5b0f-4aab-ad5e-1f3db0e4473b",
            "value": "tozGsYmFrLwF"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822500",
            "to_ids": false,
            "type": "text",
            "uuid": "20754f63-8f98-46ef-86ea-424999fd9f81",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:52/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828525",
        "uuid": "59cc7dd0-9e24-425d-a445-af5ebd0add77",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828525",
            "to_ids": true,
            "type": "md5",
            "uuid": "0bd95c04-d8ad-4533-9d44-6352ee01b5b6",
            "value": "7ce04c9b2232823200b7e9d96466288e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823624",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d7f2d704-d44e-4bef-9ac1-febbbc31fa61",
            "value": "40fcc2c65cfef2e2e32e06048186e3369d570a98",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823624",
            "to_ids": true,
            "type": "sha256",
            "uuid": "219db8fb-e4b0-48ef-b6d1-ef9e8b719ab1",
            "value": "1a37289c70c78697b85937ae4e1e8a4cebb7972c731aceaef2813e241217f009",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822522",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "42345330-6e16-4fee-a780-0748e3f15408",
            "value": "3072:+92KQYfgS3ssLyqJk4Q5zXLCdPVxiROKfeziUfVyTzOdin1vXc:GVQQfspqJp8CVWOKf5UfVyedin1vXc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822522",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9e38083b-8ff3-4757-97f6-1c401fb2169f",
            "value": "266266"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822522",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3c1d2315-8b8a-4536-bc11-b238f307bfe3",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822522",
            "to_ids": true,
            "type": "filename",
            "uuid": "304ac8ab-aa5f-4103-bc9f-daac2d238209",
            "value": "LiPifemwQsa"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822522",
            "to_ids": false,
            "type": "text",
            "uuid": "6d6988bf-17ba-4110-8330-cb4ba2d0dcbe",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Malgent!MSR\nSentinelOne: None\nVT Total Detection:53/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828546",
        "uuid": "be7f344d-3d97-493e-8749-b7cac42a6a6a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828546",
            "to_ids": true,
            "type": "md5",
            "uuid": "488e9763-9fe4-4570-bfde-b2d8f91a1a79",
            "value": "3d185e12ce7e5e8664ffa56743db8b39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823625",
            "to_ids": true,
            "type": "sha1",
            "uuid": "00ee7804-3d42-4e51-8aaf-6c0f00542792",
            "value": "1da79f436b186a97840a8a4125fb9e717ad64e88",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823626",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8172abc4-b77c-4958-bbeb-5bfd4e1228bd",
            "value": "49c32f39d420b836a2850401c134fece4946f440c535d4813362948c2de3996f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822543",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e85af54e-d315-43d0-bb04-daa6f3e9e5b4",
            "value": "3072:AXx/KIz3YWA4LyWJkpk0Xv/uhL9xit6DfeziOXxySkSKL1vX+:Ah/pc9WJKuty6Df5OXxy2KL1vX+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822543",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a3b799fe-e084-40b5-8a37-6c4061545130",
            "value": "266279"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822543",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fc20f7da-e962-4a1f-9cd4-c8984013ff9b",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822543",
            "to_ids": true,
            "type": "filename",
            "uuid": "885f214f-5bcd-4852-a0bc-7abc3e4ab8ea",
            "value": "nhEtpBLrjG"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822543",
            "to_ids": false,
            "type": "text",
            "uuid": "b61b8d37-bba8-4f3f-9780-290f306dbe89",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug.VV!MTB\nSentinelOne: None\nVT Total Detection:52/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828567",
        "uuid": "46a1680e-bd8a-401c-b3ab-f262cbbc31dc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828567",
            "to_ids": true,
            "type": "md5",
            "uuid": "568f61b3-7b11-491c-a2b0-0c078c717930",
            "value": "ba21e11dbaccb64f84191e4f57f137e0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823626",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fb046189-4f1d-4406-bdf9-7efdcefaa2fd",
            "value": "e5579fadcbc5ae4d68270c1bc59e30ff4c86a842",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823626",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2618545d-da2e-4f70-a466-ef2d32afb8dd",
            "value": "83946986b28fd8d04d59bab994cd2dc48e83b9711a8f453d8364c2ad27ea0254",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822565",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7adc7201-14e9-4c8c-ac3e-027f19c2687e",
            "value": "3072:OHcAX/OoMn5VKNn3Awc5AMj+OLQv/muiG2Wr2vMXBuEE:7I0cn3cPj6/JixWr34E"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822565",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4fdc6d80-41d8-4f33-bf62-8f486fa5c32b",
            "value": "240640"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822565",
            "to_ids": true,
            "type": "vhash",
            "uuid": "62f1d54d-e314-4bea-8dbd-0ed30bbd673b",
            "value": "1250e665551d1d0515655az111f&z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822565",
            "to_ids": true,
            "type": "filename",
            "uuid": "436d3b01-572c-4824-a543-345280901d7f",
            "value": "DATID"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822565",
            "to_ids": false,
            "type": "text",
            "uuid": "fe060cd0-e2c0-48b7-8030-5567a090094c",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/korplug.DB!MTB\nSentinelOne: None\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828589",
        "uuid": "802598c9-426e-4e5a-80ae-c618ef4af259",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828589",
            "to_ids": true,
            "type": "md5",
            "uuid": "765d9081-aded-4bb5-a0e5-2c37973924cf",
            "value": "38c1d1ba77362568d6259d0eb7a1de81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823627",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b1133f3d-193b-458f-a60b-df1c10be651d",
            "value": "5e10a4551f60efaa091f6555abbb0a23e4e2ea21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823628",
            "to_ids": true,
            "type": "sha256",
            "uuid": "091310ce-ac05-48f2-8a4a-533f34ad5d05",
            "value": "ade0b5cfedfa73252ec72deee7eb79e26380e2e50b47efcfe12350c9a255bb66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822586",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bbc91ac0-5914-432e-be90-e41909b2dba9",
            "value": "3072:x8k1isKqegeviLWEJkFFBT9EPFFxi70rfezixScnys9ZvWd1vXT7:xHosKpTEJaEdw0rf5xScnyOOd1vXv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822586",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dae0f67b-817a-4116-b373-1b81ebd226dd",
            "value": "266218"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822586",
            "to_ids": true,
            "type": "vhash",
            "uuid": "083a8183-95b5-40ff-8174-0140e39e55bb",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822586",
            "to_ids": true,
            "type": "filename",
            "uuid": "c398a463-ba64-4f2d-9f98-a2fd6c18aa18",
            "value": "GuCzHgzddaog"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822586",
            "to_ids": false,
            "type": "text",
            "uuid": "fcc5f93b-46b8-47d0-9577-57403a0a5f28",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug.VV!MTB\nSentinelOne: None\nVT Total Detection:52/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "378660dc-dfa0-4f1a-a102-7383b5263d42",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "md5",
            "uuid": "54361a78-c2f0-4771-a1a3-6d9b3a2611e8",
            "value": "ccbe1d6e56a70bc67fccd23dac4d650e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "200636e9-aafa-401b-bd32-94ef213bdad2",
            "value": "d9d46f547349920c888c36232dfb7766736cff72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "35b7f766-650b-4cb3-9e05-e7f6e0a4c3bc",
            "value": "b63f51537957572c43c26fc8e9088361978ee901df4b8e67d48843c4fb7c027b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822607",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9fa6bfb7-c554-4e0c-91f5-8f5629e18abf",
            "value": "3072:A64jQuoYLqeJkJZ/P/OBj9xiNSGfeziYvhy8rygvHcs1vXN:AJEteJKO9OSGf5Yvhyvg/cs1vXN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822607",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0734f2ce-b050-411c-8d90-7bc7224a133c",
            "value": "266186"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822607",
            "to_ids": true,
            "type": "vhash",
            "uuid": "328dd7cc-66c2-41b8-936d-49cd19f2360f",
            "value": "1251476d15555c051d5d1az33?z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822607",
            "to_ids": true,
            "type": "filename",
            "uuid": "aa30d453-c4bb-474c-9501-3d81fbb0b678",
            "value": "HbAvZLnYsGi"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822607",
            "to_ids": false,
            "type": "text",
            "uuid": "6ee864f3-53e3-418a-89a1-f4c86a0c657b",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/Korplug.VV!MTB\nSentinelOne: None\nVT Total Detection:53/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828631",
        "uuid": "cee834ef-09ac-49dd-9127-e660fcacf82d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828631",
            "to_ids": true,
            "type": "md5",
            "uuid": "283b0039-f786-49cf-8fd2-e16f37e7e504",
            "value": "7f091aac694a1cdc6060f474999c5c96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823631",
            "to_ids": true,
            "type": "sha1",
            "uuid": "178163ff-0e99-45ef-bd7c-875607a25f2c",
            "value": "3d60ae2d85c3370aefe2ce75d59bcbd6bd5143f8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DLL file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823631",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cd8314ee-30a6-4c55-9f05-70d068ba7c7a",
            "value": "557f04c6ab6f06e11032b25bd3989209de90de898d145b2d3a56e3c9f354d884",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822629",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c4e8222a-69f1-4c06-94d6-fa383ae850fe",
            "value": "1536:AjHl9A/Redu7h5hHBRQdxDACMps4lDyBgdAnGMfduEuJ673QS:AjO8KNH+0Cys4w+WGMVKJI3Q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822629",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "78de7108-021c-43e1-8b5e-447c5ee782a5",
            "value": "81408"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736822629",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c3dad0e1-302c-45d7-85a3-0305f698bc58",
            "value": "184066655d1d05156az111e&z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822629",
            "to_ids": true,
            "type": "filename",
            "uuid": "dfa76005-158f-410d-a67c-d196695cf45f",
            "value": "DATID"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822629",
            "to_ids": false,
            "type": "text",
            "uuid": "3e80069d-b975-4c83-9618-1a84e9cf2381",
            "value": "DLL file\r\nType Description: Win32 DLL\nSymantec: ML.Attribute.HighConfidence\nMicrosoft: Trojan:Win32/Casdet!rfn\nSentinelOne: None\nVT Total Detection:45/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828652",
        "uuid": "71dd090d-f297-40df-9295-59324abefcb2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828652",
            "to_ids": true,
            "type": "md5",
            "uuid": "2df88e3c-c165-4317-ab59-f714a2d6a9f7",
            "value": "ad94326af3736562be6d699ae3122e5e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823632",
            "to_ids": true,
            "type": "sha1",
            "uuid": "43003bfb-d820-4908-9fd4-71f97e0ea082",
            "value": "3feb4de73a693bc2fd50fd3bbfc7dfe2361b5096",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823632",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86018d6c-5b3d-4d5b-8e14-880d72ce41f8",
            "value": "095855cf6c82ae662cce34294f0969ca8c9df266736105c0297d2913a9237dd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822650",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9eb4bf49-2f70-4dec-98e4-eb7b2250f669",
            "value": "12288:38YV+3lD1jM0mVtJwP7i+e1nZ++b8UlBSFII8iV/PSc7hEYNJtm5eg:38NNLmwP7i+e10o8cMI6HSc7aYntm7"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822650",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "afd04c14-ce64-4ef4-8c9e-49d91f978db1",
            "value": "1057056"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822650",
            "to_ids": true,
            "type": "filename",
            "uuid": "98bb4f94-40b5-4764-a0fd-0150c677ed69",
            "value": "NoteLogger.dat"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822650",
            "to_ids": false,
            "type": "text",
            "uuid": "95b50359-aea6-4526-9114-0a250cbe95b1",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: Backdoor:Win32/Doplugs!MSR\nSentinelOne: None\nVT Total Detection:11/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828673",
        "uuid": "168b0b71-b34b-464e-93ba-89ffd5162d7e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828673",
            "to_ids": true,
            "type": "md5",
            "uuid": "d7f7a24a-38f6-4a91-80e9-9a8b0c97ee13",
            "value": "b143e9814f3ce07fa7176ecdd4dfda89",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823634",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a618bfb2-1616-4b06-9a86-1b05eea9a0a0",
            "value": "cb8314e9a25116f698ea74300cfdb35855f48905",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823634",
            "to_ids": true,
            "type": "sha256",
            "uuid": "534c1407-8e69-4572-891b-35b2a9a198b0",
            "value": "908ff3a80ef065ab4be1942e0d41583903f6aac02d97df6b4a92a07a633397a8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822925",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fe77817e-1083-492e-9caf-a193a810e1da",
            "value": "12288:55/JwSKb2ls3hKhAYshuhgrzYfJowtpJZ2l5hZXYA39ceh/nvIdqMmGLP:55/JxKb2lNauivYfywtpJo9ZXn2ehPw/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822925",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fd857453-95d5-4a77-b709-249d75e229cf",
            "value": "736000"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822925",
            "to_ids": true,
            "type": "filename",
            "uuid": "87383c09-bdb6-4157-91b4-febfd08d9cf2",
            "value": "QXNFiYUZCw"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822925",
            "to_ids": false,
            "type": "text",
            "uuid": "2e4024a4-fb56-4c5b-b936-7d640fdfa6ff",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: Trojan:Win32/WinLNK!MSR\nSentinelOne: None\nVT Total Detection:13/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828694",
        "uuid": "0a952298-53b0-4b27-9518-41f9053fbeea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828694",
            "to_ids": true,
            "type": "md5",
            "uuid": "eda442ae-3d22-4cc2-9d00-f6c9311cbf25",
            "value": "ed841f0e2e4a322b5e4ba3d514c07dac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823635",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6e1aeaf7-0c7d-4e5a-a756-a7a3c911b3bb",
            "value": "1429441a6da95eef693a5ffce8b72526040d2315",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823635",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2751fb2a-3249-45bc-b21f-ecc1ff1557f3",
            "value": "a5cd617434e8d0e8ae25b961830113cba7308c2f1ff274f09247de8ed74cac4f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736822947",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2cb091e6-1654-44b8-b54f-a540025520cb",
            "value": "24576:Colf8tT6nuZlJH9mE/ZXCxxcCu+JM4Y2T6Cf3:Colf896nuZH/VCxxpM62Cf3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736822947",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f8639768-85fc-40a4-938d-b5228dfcf53f",
            "value": "823249"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736822947",
            "to_ids": true,
            "type": "filename",
            "uuid": "e186a71d-811d-43ba-86bd-1deac68a3cc3",
            "value": "seQZuo"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736822947",
            "to_ids": false,
            "type": "text",
            "uuid": "36efde66-b4e8-4252-9ee6-2c4fc1b7b73d",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: Backdoor:Win32/Doplugs!MSR\nSentinelOne: None\nVT Total Detection:14/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828716",
        "uuid": "ca0a312d-0c9d-4b06-8880-e512e6cc1d61",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828716",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae0b6f20-9770-4bf2-a6a1-2bc4aaf846f0",
            "value": "d55000e2cae6781323ce121622529394",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823636",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f196c81f-ab83-4e34-8e15-86393880a656",
            "value": "f4891f1997b460170673edff6bc69f2f2fe814a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823637",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d067468f-f032-4b63-b770-608d7a81cad9",
            "value": "d188e877066f0932440d4cd8e8e2e856d7b92d40b475b7c0f0c996b34a2847a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823010",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "71a0f697-e70a-4199-b4c4-c96187074e04",
            "value": "12288:4Nf+9O7JDZmDPjvEEvH1bFheazlyziEsJwgFxAot2pCTtqSWofb:+fzUPjvEE/1jeClyzizwgF2OM8qSWoz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823010",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3028ebf9-1b98-4a42-a634-b343cfd744d8",
            "value": "689342"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823010",
            "to_ids": true,
            "type": "filename",
            "uuid": "9fc3dcaa-7101-4c62-9bdf-967b3551144d",
            "value": "asovubQrUv"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823010",
            "to_ids": false,
            "type": "text",
            "uuid": "3da26083-70e7-4948-9af3-f087b64f2381",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:3/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828737",
        "uuid": "89bbc33b-0db2-4495-adbb-2912d20d03b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828737",
            "to_ids": true,
            "type": "md5",
            "uuid": "9684cd6e-a244-4bc8-b9c6-8657c2c65429",
            "value": "7e5d2cd638e7e486523bcb897abfc4a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823638",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bb5bf5c0-87b1-4cca-8b13-08cb52964894",
            "value": "db32a948781e2cc08b33811334474726e81df97c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823638",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54331189-9b5e-461a-9e81-5fb693f039ca",
            "value": "37c7bdac64e279dc421de8f8a364db1e9fd1dcca3a6c1d33df890c1da7573e9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823031",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c749af94-5914-4a07-95aa-f3e85f435337",
            "value": "12288:0DsLzxAbsAXebpI9/CSZl2+b7RaS95v3QM5TBpLaewiGcb:05bssIq9/JZU+bdPvfT3JNGi"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823031",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "093f56da-bd07-4ebf-8e36-8be2394c8308",
            "value": "689342"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823031",
            "to_ids": true,
            "type": "filename",
            "uuid": "732be4e0-24f5-43af-b493-a1557f7a218e",
            "value": "ihItRPL"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823031",
            "to_ids": false,
            "type": "text",
            "uuid": "9a469a51-2ec7-40a5-b1bf-4d9a5cb4e2f5",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:3/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828758",
        "uuid": "a6b930c3-ae86-4af5-9ab9-a8f7d2fda608",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828758",
            "to_ids": true,
            "type": "md5",
            "uuid": "56c61e8b-d009-4cbf-9ee2-74b8740e57bc",
            "value": "d2a3ac24ab36000fd59eb35de26af853",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823639",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cf58fbba-060b-4722-9617-423298f1cf4e",
            "value": "0c19b28bc4690cc297dd101932cb570c4a242ace",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823639",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7320e61b-df37-4d7c-9e10-6112f3f3fecf",
            "value": "6e07e37618f57ac1930865e175d49ef1bf85aa882ffbd30538f55f64d024085b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823053",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "36e7e664-033e-4885-89dd-b45e69fca55e",
            "value": "12288:vfjMTBG/2zv67J8rFYH5xVDmP0+v/jTfdO5LypnhN9MtoTaB0rJXb:vATBG/2zv6t8RYH5xNG0QTfdO5LYhN9x"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823053",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d661c18-f633-44fa-a96c-12cd40761e78",
            "value": "689342"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823053",
            "to_ids": true,
            "type": "filename",
            "uuid": "9ad46ebf-38b2-47cb-9da8-f10514d7e49c",
            "value": "OhnqZcc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823053",
            "to_ids": false,
            "type": "text",
            "uuid": "0e4e6042-ddc5-4251-9152-229cc66f1a5d",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:3/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828779",
        "uuid": "aad4812d-207d-412b-b7af-388272e637da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828779",
            "to_ids": true,
            "type": "md5",
            "uuid": "85dcda15-b751-4c12-a9bf-3331790b8dab",
            "value": "bf2ca4d4d7ceafb8cd6d7a9cc5ac5d8c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823641",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94a2f80b-c27c-4482-b436-5d660282867e",
            "value": "efb4beea4218d316415841a644c939b94e2e0879",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823641",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b14cce02-b8df-4fc9-aced-593c6627cbda",
            "value": "58a73d445f6122c921092001b132460bb6c1601dc93ecfaabe5df2bf0fef84de",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823074",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6a5e3716-5aca-4130-bdcb-b499d628ea0e",
            "value": "12288:gJt2tEXH8V6HsNAIqChWWquUbDWyzhBQfGCNqIjtPqD4hRCwZRZ6IHOWtd:O7c5HRrUbyUhBQFxjRlhz7ZT/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823074",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ce356fd7-44c0-48b2-8738-4c1537bc5805",
            "value": "671232"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823074",
            "to_ids": true,
            "type": "filename",
            "uuid": "e6215194-e714-419e-9028-bd358605bae7",
            "value": "DLLID"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823074",
            "to_ids": false,
            "type": "text",
            "uuid": "a8264c6e-afa7-4780-ae71-924f1e682694",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:16/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828800",
        "uuid": "f41b11ba-a62f-4208-9343-24e0b7971f98",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828800",
            "to_ids": true,
            "type": "md5",
            "uuid": "82e55720-2408-4ac4-bfeb-0508d62dfb66",
            "value": "0280ec45674ac4c2012a99f4882c289a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823642",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ca5ec0dd-8d5d-4a5d-9fbc-c71be80e8acd",
            "value": "97f089fe39bb5ecc312edfa28b45f8e7ab1f48ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823642",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a1e093a7-e698-4a87-a907-7c9f23aa1532",
            "value": "9afddc7ff0a75975748e5dc7d81eee8cd32be79ca32edfebd151a376563e7d4b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823096",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "576f516f-876f-4a3a-a452-d4d28fdb5fb1",
            "value": "49152:hGBI5VBZFEvQI1rHFbiITgOFTDEBhsoWVFWNNmAC6eRoXa:hGBI3BZF+F3ZEBhsXVCNmAHeyXa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823096",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6d096423-ede0-4d0c-8e80-9dbb0fea1958",
            "value": "2085663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823096",
            "to_ids": true,
            "type": "filename",
            "uuid": "a0301292-62d6-4e0d-881e-60366fbcfa79",
            "value": "shIspW"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823096",
            "to_ids": false,
            "type": "text",
            "uuid": "d5b23c18-24e0-41d2-890e-bc5afb71e0f6",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:3/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828822",
        "uuid": "2c5edac1-bd41-4b73-82f6-24b5d14ce9fb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828822",
            "to_ids": true,
            "type": "md5",
            "uuid": "40bcdc30-3694-4489-a9ac-f3a9f6da1f71",
            "value": "a683e98fa5a9ed0854d7befe8399fa23",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823643",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7e60d49a-6259-469c-a684-081de1c182ae",
            "value": "d30037da4be7d1cd173bbf8e1140b8ceed81a0f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823643",
            "to_ids": true,
            "type": "sha256",
            "uuid": "64c95d00-700e-439c-9fb4-5be6ca32b1e4",
            "value": "9333cc552193cfe9122515e3d7b210de317c297f1c09da5180b3a7f006d94fe4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823117",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d33dc574-7895-466c-85e7-136e586d8f8a",
            "value": "24576:8NPh6GjTGM5Cm7RCSQ3LDD7oNUOBgrs1yR0u:8N5bYm7RcDD0rBgrs1yRD"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823117",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3c31778-05d5-4040-af8c-d55d5e7ddcf5",
            "value": "1067824"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823117",
            "to_ids": true,
            "type": "filename",
            "uuid": "e9876afd-028c-44fe-aeb3-0fa0c7947ab0",
            "value": "wQgSTiQiwH"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823117",
            "to_ids": false,
            "type": "text",
            "uuid": "e0a1083c-77bc-409c-a8fc-339238f6e2de",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828843",
        "uuid": "db4863d8-c7db-4337-aeea-3c87cdb5f549",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828843",
            "to_ids": true,
            "type": "md5",
            "uuid": "203230b5-5fc0-49e9-b7e4-1655de59151c",
            "value": "668eabf955e88342dd85f157890b105e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823645",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c8e6a509-fa21-4597-abb8-bebb48a1caad",
            "value": "0cf5f380bb344fff89d3574151b3f5f555461baa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Encrypted Payloads (DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823645",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ae1cac3b-d59d-4473-aa11-4ecf28716bd2",
            "value": "3552708726f50ee949656e66a4a10da304bae088fa1b875bfab9e182b6ec97f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823139",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0a840276-b1c5-4c4f-94f3-4366c8f363bb",
            "value": "12288:qSlZEeriJxry54IX3uz/QmhxxGkLc5ilO8nujvRB6Vjy7vb:jaJOTX3uMFE/nujk+7D"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823139",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d6ece2ea-3e31-48d5-a0b8-0bc340698f3c",
            "value": "689342"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823139",
            "to_ids": true,
            "type": "filename",
            "uuid": "05ddc431-2b13-4ae2-85d3-897a29cd4777",
            "value": "KKYUylF"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823139",
            "to_ids": false,
            "type": "text",
            "uuid": "039de42e-006f-412e-ab62-e18e91ffbfff",
            "value": "Encrypted Payloads (DAT)\r\nType Description: unknown\nSymantec: Trojan Horse\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:1/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828864",
        "uuid": "76eb31f8-967d-446e-ba71-1b65c271e4fc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable (not malicious by itself; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828864",
            "to_ids": true,
            "type": "md5",
            "uuid": "5e1eda21-c422-4e7c-b872-b8cf7b8fe619",
            "value": "32c26797ab646074a2bb562f9d10adb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable (not malicious by itself; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823646",
            "to_ids": true,
            "type": "sha1",
            "uuid": "252c073d-b5b5-4bbc-ae39-0f7dbf7609ee",
            "value": "f478d70bc193f7c24da563e9eda7eb86239bbe12",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable (not malicious by itself; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823646",
            "to_ids": true,
            "type": "sha256",
            "uuid": "302c5296-52e1-43e1-b13d-c1f5d07db61e",
            "value": "b9836265c6bfa17cd5e0265f32cedb1ced3b98e85990d000dc8e1298d5d25f93",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823181",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "628d3232-e7ec-4e1b-be0f-861ea04e4570",
            "value": "1536:dhuj613xVERddHGFnUhZYcXEfOxB4hSUFPsooHtXErrrp5fiM84PqrHU+:3uj67q5anU8cXEfOxB4rPsoYtXErrrPC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823181",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f186a58d-dfff-4e60-9ca8-adf4af16fd8f",
            "value": "97680"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823181",
            "to_ids": true,
            "type": "vhash",
            "uuid": "06f0ffa7-e0c4-4421-b6ef-291373fa40ca",
            "value": "0940466d15656az33mz39az291z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823181",
            "to_ids": true,
            "type": "filename",
            "uuid": "ede0adae-f106-4616-8da1-35799cca8dde",
            "value": "OneNoteM.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823181",
            "to_ids": false,
            "type": "text",
            "uuid": "f867628f-e5f7-429e-8295-334bf4257c39",
            "value": "Legitimate Executable\r\nType Description: Win32 EXE\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828885",
        "uuid": "e3a4a33b-7a08-4ef5-8a9c-457639520379",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable (not malicious by itself; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828885",
            "to_ids": true,
            "type": "md5",
            "uuid": "7b7379e9-57db-4e7d-8b24-b1d2b46b3655",
            "value": "4ec8ac4b2b5ff0e396fa23f32d602f59",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable (not malicious by itself; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823647",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e79ea8b4-e4a2-4cfa-8e45-0943631e68cb",
            "value": "387b59ae38e649f1874c7f39ce794d6a012f06d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823648",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6659ad7e-d821-48a8-80d9-506a65fcf95b",
            "value": "87d0abc1c305f7ce8e98dc86712f841dd491dfda1c1fba42a70d97a84c5a9c70",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823203",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7cab613e-7072-433c-b9bf-2338a9727919",
            "value": "192:ahWl6AbPWz6OFNEWWLWo6Zo3Io6opz+Hz+ehjuOu39DKmHj7c1G:ao7bPzJWWLWFZ0nhu1jRaeWk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823203",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1e13273f-f89e-4235-b5d6-0d0031701e0b",
            "value": "20872"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823203",
            "to_ids": true,
            "type": "vhash",
            "uuid": "69deca73-f60e-4f6a-9fad-3c18d307b73b",
            "value": "0240465d15151bze1?z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823203",
            "to_ids": true,
            "type": "filename",
            "uuid": "632f6553-dbbd-4ee6-b735-f2f227e2ce81",
            "value": "INKFORM.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823203",
            "to_ids": false,
            "type": "text",
            "uuid": "cd7355a1-57a7-47b8-b5ad-9f522f3dea9f",
            "value": "Legitimate Executable\r\nType Description: Win32 EXE\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828906",
        "uuid": "4d9c2bf7-fda8-4ed9-a8ce-3bc7882356b5",
        "Attribute": [
          {
            "category": "Payload delivery",
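            "comment": "Legitimate Executable - VT 0/72 per the text attribute of this object; a hash match alone does not indicate compromise, so review to_ids before exporting to blocking rules",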
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828906",
            "to_ids": true,
            "type": "md5",
            "uuid": "069880d3-1798-4234-9f0d-c2c668a841d5",
            "value": "eb20a5e9cc6a13a5044999e8d4047144",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823649",
            "to_ids": true,
            "type": "sha1",
            "uuid": "93d8d704-20b1-431e-b77b-ab589988bccc",
            "value": "9cecf5e09e052663a4b3c965499c8ea506f6eb7e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823649",
            "to_ids": true,
            "type": "sha256",
            "uuid": "06b4c9e9-c353-43a6-8d83-f7fa609d6e22",
            "value": "d27c5d38c2f3e589105c797b6590116d3ec58ad0d2b998d2ea92af67b07c76b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823225",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0bab7b0e-3337-4b99-912e-813661aaf6d2",
            "value": "49152:3UVWnT0p4SHxVOtxSWIo5ic8qOIRa2+KcHHKGXTPTTO7Pvv2mDJV98G:E4ZxlIosc8wRGLbQvvN"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823225",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6f56fad7-1afa-4d4c-b8ad-f2e0cc8a7809",
            "value": "3565840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823225",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d9d14193-8dc0-4d43-a023-912f8df51cf5",
            "value": "0360a6665d6c0d5d1c05103242z65002e024z10035z23z303dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823225",
            "to_ids": true,
            "type": "filename",
            "uuid": "579d55f6-e666-46f5-9785-41bf9cbe39b1",
            "value": "BMlhcBgANc"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  12/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823225",
            "to_ids": false,
            "type": "text",
            "uuid": "60ec5a3e-e042-4c66-9dbd-19413c9ec822",
            "value": "Legitimate Executable\r\nType Description: Win32 EXE\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828928",
        "uuid": "7e40c3d4-ba78-4c25-a3e5-efe4629e47d9",
        "Attribute": [
          {
            "category": "Payload delivery",
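            "comment": "Legitimate Executable - VT 0/72 per the text attribute of this object; a hash match alone does not indicate compromise, so review to_ids before exporting to blocking rules",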
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828928",
            "to_ids": true,
            "type": "md5",
            "uuid": "ae678bb3-8c07-4411-beb1-7f8a036f8f6e",
            "value": "084fe5e54dbf4d7287b48c5695d02d17",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823650",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9c2c1ce9-3461-44bb-ae66-311e807e0a38",
            "value": "58a2693e67491569e9c8f17730159c64ffb5e6dd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823650",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b88ab7b2-0ba7-465a-be37-fbc1bd9b9fdc",
            "value": "282fc12e4f36b6e2558f5dd33320385f41e72d3a90d0d3777a31ef1ba40722d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823247",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "11d64f59-a673-4dc0-bbf5-0f3b0c00d184",
            "value": "49152:28ZN0yNSiX5bYHlMVxGPw7nWokw7nWovDyK:/alMVxGPEnWokEnWot"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823247",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bbe78655-4149-40d3-a986-2d9c0c5cd69e",
            "value": "1775384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823247",
            "to_ids": true,
            "type": "vhash",
            "uuid": "78b3fb58-28c0-4244-8dd7-bd85472db0dc",
            "value": "016066655d5d05551088z76mz18fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823247",
            "to_ids": true,
            "type": "filename",
            "uuid": "02f61749-a4eb-4d3b-9a9f-9ca9f7b4985f",
            "value": "LDeviceDetectionHelper.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823247",
            "to_ids": false,
            "type": "text",
            "uuid": "33773d70-7686-40da-81c4-46d69f4578cd",
            "value": "Legitimate Executable\r\nType Description: Win32 EXE\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1747981685",
        "uuid": "20056756-262f-4d55-afdf-c1e88b5e7b38",
        "Attribute": [
          {
            "category": "Payload delivery",
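            "comment": "Legitimate Executable - VT 0/72 per the text attribute of this object; a hash match alone does not indicate compromise, so review to_ids before exporting to blocking rules",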
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "md5",
            "uuid": "601e93c3-18ea-48b5-b20b-90283ce00749",
            "value": "e6a65bccc172345cd69f04d4ef4d5ee0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e29f6eb6-174b-4826-afd8-f27e1bd4d649",
            "value": "f35ce62abeedfb8c6a38ceac50a250f48c41e65e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate Executable",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981685",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cb697698-8e12-40da-bf0a-cf0991ecfa1e",
            "value": "80a7ff01de553cb099452cb9fac5762caf96c0c3cd9c5ad229739da7f2a2ca72",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823269",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "04f80b00-858c-4922-a2db-e632054f46df",
            "value": "6144:T5A0tKb5+JKWg4U5RJDOuOadzfkjiIsR9bdAY+NqoexYfwO0sFvfPv:TazW+RJDOuOadzM49hAxftRPv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823269",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "30978485-39cc-4f18-a44a-8aafadebc900",
            "value": "388976"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823269",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8d4e409b-4997-41d1-b39b-0e333ad53a2d",
            "value": "0350466d15556138z567zd0b5z1060017z2100531z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823269",
            "to_ids": true,
            "type": "filename",
            "uuid": "2e67a86b-f38c-475d-890e-28337f8db570",
            "value": "imecmnt.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  13/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823269",
            "to_ids": false,
            "type": "text",
            "uuid": "e9df314a-12c3-4f5f-b8d2-2c6336bed769",
            "value": "Legitimate Executable\r\nType Description: Win32 EXE\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828970",
        "uuid": "a9990293-3894-44ad-b0e5-d6ecfd12b26c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828970",
            "to_ids": true,
            "type": "md5",
            "uuid": "dc8a5c39-36a9-4da2-b298-01253249d675",
            "value": "2527a29e9c9c302f77e8cab9e9e9ca91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823653",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1bb58ee7-8ec1-453f-af71-3674a354d237",
            "value": "2bc9daff68d6306d0af7557d1b664b98e6a48db1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823654",
            "to_ids": true,
            "type": "sha256",
            "uuid": "98bac3ca-f052-40f6-85bf-e772f7c80c03",
            "value": "0b152012c1deab39c6ed7fe75a27168eaaec43ae025ee74d35c2fee2651b8902",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823291",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a25d6227-479c-4c80-b40a-a5d484e17a72",
            "value": "12:hPOwW+Sy74qJmrWV6p1SeLc92Si7xHXMjumbdB0syFRKFGmV9gxHNngMNErePGu:hPUBCnh8tLc92Si2MKFh9GngMWW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823291",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0d81f3ff-59cc-426f-a8a3-e4b4d67f59ed",
            "value": "754"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823291",
            "to_ids": true,
            "type": "vhash",
            "uuid": "910aba2a-c5ea-478a-94e7-4e6b85768ee5",
            "value": "c55b33d4e9823c1463c33884644442dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823291",
            "to_ids": true,
            "type": "filename",
            "uuid": "2616d19e-44a7-47a3-af5c-8b394e2ac1e0",
            "value": "tyhewpo.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823291",
            "to_ids": false,
            "type": "text",
            "uuid": "8187f9e5-93f5-434e-b887-0a16837e690a",
            "value": "HTML file\r\nType Description: HTML\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:7/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "24",
        "timestamp": "1736828992",
        "uuid": "ae15413d-7ada-4cd7-b869-e8dff0902fea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1736828992",
            "to_ids": true,
            "type": "md5",
            "uuid": "cd1cb6f7-9091-42f0-a1d5-7c90feda84a7",
            "value": "13dda920df510962a218d5e8a3789c01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1736823655",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3b961f5a-0388-4cbc-8c51-7be0906d6bcb",
            "value": "a1effe50783e442e0ec62bd848eb21e50e32f69e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HTML file",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1736823655",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b857429a-a084-45da-9b93-9c47ed68c060",
            "value": "0c7ee8667f48c50ea68c9ad02880f0ff141a3279bd000502038a3a187c7d1ede",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#e87d07",
                "local": false,
                "name": "verify-require=epp",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1736823313",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ff6020af-bdd0-43bc-bf24-d83631c39cef",
            "value": "12:hPOwW+Sy74qJmrWV6p1SeLc92Si7xH6hbhumbdB0syFRKFGmV9gxH6hCTngMNErS:hPUBCnh8tLc92Sdo2MKFh9REngMWW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1736823313",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "facaabc4-4e15-45e9-96a7-a41c806b09ca",
            "value": "780"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1736823313",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9b080f90-10bf-4057-988b-618c113ae42f",
            "value": "c55b33d4e9823c1463c33884644442dd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1736823313",
            "to_ids": true,
            "type": "filename",
            "uuid": "228b0b3a-2c2d-4537-8fbc-75c2c5c91772",
            "value": "Meeting105.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 14/01/2025\nLast-scan\t:  14/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1736823313",
            "to_ids": false,
            "type": "text",
            "uuid": "4ff0cb81-51ed-480a-9f84-511628acd742",
            "value": "HTML file\r\nType Description: HTML\nSymantec: None\nMicrosoft: None\nSentinelOne: None\nVT Total Detection:5/61"
          }
        ]
      }
    ]
  }
}