{
  "Event": {
    "analysis": "0",
    "date": "2016-04-29",
    "extends_uuid": "",
    "info": "[Threat Intel] PLATINUM Targeted attacks in South and Southeast Asia",
    "protected": false,
    "publish_timestamp": "1780042179",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780042178",
    "uuid": "592acc60-42a9-42e2-ad37-c100dca752e9",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Microsoft\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"PLATINUM\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Academia - University\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Diplomacy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"IT - ISP\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"REDSALT\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771085603",
        "to_ids": false,
        "type": "link",
        "uuid": "5a162eb4-79da-4bfc-a2c1-e353f28f8696",
        "value": "https://download.microsoft.com/download/2/2/5/225BFE3E-E1DE-4F5B-A77B-71200928D209/Platinum%20feature%20article%20-%20Targeted%20attacks%20in%20South%20and%20Southeast%20Asia%20April%202016.pdf"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087946",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e326876c-ceeb-4f93-89d6-275e0ebe8245",
        "value": "e9f900b5d01320ccd4990fd322a459d709d43e4b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087947",
        "to_ids": true,
        "type": "sha1",
        "uuid": "0507c5c5-1101-4b37-8bfb-cdc5b08cc4d9",
        "value": "9a4e82ba371cd2fedea0b889c879daee7a01e1b1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Malaysia a victim of American irregular warfare ops.doc - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087948",
        "to_ids": true,
        "type": "sha1",
        "uuid": "bbe9801c-e9b4-4dec-a3b3-131d70672ef3",
        "value": "92a3ece981bb5e0a3ee4277f08236c1d38b54053",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087948",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b092ec18-718b-4fdd-959d-f0caabff986f",
        "value": "0bc08dca86bd95f43ccc78ef4b27d81f28b4b769",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087950",
        "to_ids": true,
        "type": "sha1",
        "uuid": "3a9497cf-4f1c-441b-84c0-5756d0c047fd",
        "value": "f4af574124e9020ef3d0a7be9f1e42c2261e97e6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771085750",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "42a0856b-1303-4701-898b-adceaec9c5ed",
        "value": "CVE-2013-7331"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087980",
        "to_ids": true,
        "type": "url",
        "uuid": "8f3c41cc-aeb5-4a60-b781-a19bd21e966c",
        "value": "mister.nofrillspace.com/users/web8_dice/4226/space.gif",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088002",
        "to_ids": true,
        "type": "url",
        "uuid": "a403b587-f6d4-4e52-af2b-ac17a4f03cf8",
        "value": "intent.nofrillspace.com/users/web11_focus/3807/space.gif",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088022",
        "to_ids": true,
        "type": "url",
        "uuid": "02499fe6-ceb8-4b34-b778-deb2ed837e96",
        "value": "mister.nofrillspace.com/users/web8_dice/3791/space.gif",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088043",
        "to_ids": true,
        "type": "url",
        "uuid": "27c8d38b-e1a3-449b-875f-b9003b948b22",
        "value": "intent.nofrillspace.com/users/web11_focus/4307/space.gif",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088064",
        "to_ids": true,
        "type": "url",
        "uuid": "ba66d95f-e99f-43dc-96cf-37aea2f44e1d",
        "value": "www.police28122011.0fees.net/pages/013/space.gif",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771085789",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "ce813a6d-b88a-45dc-a54c-70c021c5debe",
        "value": "CVE-2015-2545"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771085789",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "156efbd1-3211-441d-a931-186cceef8744",
        "value": "CVE-2015-2546"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088086",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2be34929-bcf5-435b-8bf8-7d4ed0ac7ac9",
        "value": "box62.a-inet.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088107",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a402fafd-2c8f-4f47-abcb-69e8b0496d0b",
        "value": "eclipse.a-inet.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088128",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d19dafbb-4a5a-4066-a93a-f0ae1f7825a3",
        "value": "joomlastats.a-inet.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088150",
        "to_ids": true,
        "type": "hostname",
        "uuid": "118bc2ed-f86d-4a45-99d1-443cd26a69c6",
        "value": "updates.joomlastats.co.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088171",
        "to_ids": true,
        "type": "hostname",
        "uuid": "98fe7774-539e-4498-ad15-37070d0067b8",
        "value": "server.joomlastats.co.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088193",
        "to_ids": true,
        "type": "hostname",
        "uuid": "19c90ee2-b643-4e5b-810f-b93ddea1990b",
        "value": "scienceweek.scieron.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088214",
        "to_ids": true,
        "type": "hostname",
        "uuid": "61b10513-efa2-4c0d-81d0-e5157dc0e997",
        "value": "mobileworld.darktech.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088235",
        "to_ids": true,
        "type": "hostname",
        "uuid": "48e7ed4c-23da-4c0d-b3a6-188ceac1bbb5",
        "value": "geocities.efnet.at",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088257",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9bc38e08-2b02-4266-97ec-96ce23bb3d01",
        "value": "bpl.blogsite.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771088278",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6660604d-a5ad-436a-96ca-814e1362ff5e",
        "value": "wiki.servebbs.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hardcoded IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042170",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "10cfd737-1d1c-4782-9fab-955d4a0b8255",
        "value": "200.61.248.8",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#d8ed2e",
            "local": false,
            "name": "asn:asn=\"52424\"",
            "relationship_type": ""
          },
          {
            "colour": "#97f3a8",
            "local": false,
            "name": "asn:as-owner=\"Universidad Nacional de Entre Rios\"",
            "relationship_type": ""
          },
          {
            "colour": "#429a8a",
            "local": false,
            "name": "asn:as-country=\"AR\"",
            "relationship_type": ""
          },
          {
            "colour": "#843623",
            "local": false,
            "name": "misp-galaxy:country=\"argentina\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hardcoded IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042172",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8bdee8c8-1111-43f7-9642-6f575b0a0828",
        "value": "209.45.65.163",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#470686",
            "local": false,
            "name": "asn:asn=\"3132\"",
            "relationship_type": ""
          },
          {
            "colour": "#06696e",
            "local": false,
            "name": "asn:as-owner=\"Red Cientifica Peruana\"",
            "relationship_type": ""
          },
          {
            "colour": "#323882",
            "local": false,
            "name": "asn:as-country=\"PE\"",
            "relationship_type": ""
          },
          {
            "colour": "#a4638c",
            "local": false,
            "name": "misp-galaxy:country=\"peru\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hardcoded IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042174",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ab1ef2c7-949b-4644-b391-2df3132df763",
        "value": "190.96.47.9",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#10735d",
            "local": false,
            "name": "asn:asn=\"14259\"",
            "relationship_type": ""
          },
          {
            "colour": "#cad18e",
            "local": false,
            "name": "asn:as-owner=\"Gtd Internet S.A.\"",
            "relationship_type": ""
          },
          {
            "colour": "#f58fe5",
            "local": false,
            "name": "asn:as-country=\"CL\"",
            "relationship_type": ""
          },
          {
            "colour": "#5855b4",
            "local": false,
            "name": "misp-galaxy:country=\"chile\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hardcoded IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042176",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7b56a511-9baf-45a7-b502-e962f1561ef2",
        "value": "192.192.114.1",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#9de049",
            "local": false,
            "name": "asn:asn=\"1659\"",
            "relationship_type": ""
          },
          {
            "colour": "#4213d5",
            "local": false,
            "name": "asn:as-owner=\"ERX-TANET-ASN1 Taiwan Academic Network TANet Information Center\"",
            "relationship_type": ""
          },
          {
            "colour": "#9053fd",
            "local": false,
            "name": "asn:as-country=\"TW\"",
            "relationship_type": ""
          },
          {
            "colour": "#1237d4",
            "local": false,
            "name": "misp-galaxy:country=\"taiwan\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hardcoded IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780042178",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "eb7d3a75-f51d-42c8-85ea-517109e078aa",
        "value": "61.31.203.98",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#248a46",
            "local": false,
            "name": "asn:asn=\"9924\"",
            "relationship_type": ""
          },
          {
            "colour": "#92161c",
            "local": false,
            "name": "asn:as-owner=\"TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.\"",
            "relationship_type": ""
          },
          {
            "colour": "#9053fd",
            "local": false,
            "name": "asn:as-country=\"TW\"",
            "relationship_type": ""
          },
          {
            "colour": "#1237d4",
            "local": false,
            "name": "misp-galaxy:country=\"taiwan\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hotpatching Injector - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087951",
        "to_ids": true,
        "type": "sha1",
        "uuid": "7b664e66-2366-4349-93eb-bb15e3098dc1",
        "value": "ff7f949da665ba8ce9fb01da357b51415634eaad",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hotpatching Injector - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087952",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b524c870-7bc5-4732-81d7-88d5ce4b41ff",
        "value": "dff2fee984ba9f5a8f5d97582c83fca4fa1fe131",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087953",
        "to_ids": true,
        "type": "sha1",
        "uuid": "eeceffd0-7e65-44c5-9d28-eff866d15cf6",
        "value": "e0ac2ae221328313a7eee33e9be0924c46e2beb9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087955",
        "to_ids": true,
        "type": "sha1",
        "uuid": "14577d55-6445-4cec-bd1a-3f47207ecb33",
        "value": "ccaf36c2d02c3c5ca24eeeb7b1eae7742a23a86a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Variant of the JPin backdoor - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087956",
        "to_ids": true,
        "type": "sha1",
        "uuid": "65b79c6d-7711-4b31-9906-5e838417bfdc",
        "value": "ca3bda30a3cdc15afb78e54fa1bbb9300d268d66",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Variant of the JPin backdoor - No sample in VT\r\nLast check:15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087957",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c731a271-640c-4918-ad7b-0e45db5e65d5",
        "value": "2fe3c80e98bbb0cf5a0c4da286cd48ec78130a24",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Keylogger component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087958",
        "to_ids": true,
        "type": "sha1",
        "uuid": "bab09281-0c50-4c69-847f-74bb82de5d12",
        "value": "0096a3e0c97b85ca75164f48230ae530c94a2b77",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Keylogger component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087958",
        "to_ids": true,
        "type": "sha1",
        "uuid": "00b2834c-3eca-4977-87c8-acda59d73a8b",
        "value": "6a1412daaa9bdc553689537df0a004d44f8a45fd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Adupib SSL Backdoor. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087960",
        "to_ids": true,
        "type": "sha1",
        "uuid": "17a66a72-a072-468c-b4e2-60c278be53e7",
        "value": "a80051d5ae124fd9e5cc03e699dd91c2b373978b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Loader / possible incomplete LSA Password Filter. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087961",
        "to_ids": true,
        "type": "sha1",
        "uuid": "03ea77f7-d287-415f-88b1-4f73c292f932",
        "value": "29cb81dbe491143b2f8b67beaeae6557d8944ab4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Dipsind variant. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087962",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9f46515f-5347-4d70-a275-a18cac28cc4e",
        "value": "6dccf88d89ad7b8611b1bc2e9fb8baea41bdb65a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Raw-input based keylogger. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087963",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6ca2eef9-f67d-4bfe-9863-660d6c16f3b1",
        "value": "960feeb15a0939ec0b53dcb6815adbf7ac1e7bb2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087964",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9ee92616-70a4-4045-95d9-0b08ea7a7aa4",
        "value": "99c08d31af211a0e17f92dd312ec7ca2b9469ecb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087965",
        "to_ids": true,
        "type": "sha1",
        "uuid": "54cf63d9-3182-4f8f-adc3-762c3f04a6b0",
        "value": "dcb6cf7cf7c8fdfc89656a042f81136bda354ba6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087966",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9cf872b8-5168-42e1-b135-ff30d8249415",
        "value": "99dcb148b053f4cef6df5fa1ec5d33971a58bd1e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087967",
        "to_ids": true,
        "type": "sha1",
        "uuid": "2658c403-c603-47fd-adf9-43f2ba87e6aa",
        "value": "c1c950bc6a2ad67488e675da4dfc8916831239a7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hook-based keylogger. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087968",
        "to_ids": true,
        "type": "sha1",
        "uuid": "3fdbd86b-41aa-443a-a7cb-1351f0fcb29b",
        "value": "831a5a29d47ab85ee3216d4e75f18d93641a9819",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Hook-based keylogger. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087968",
        "to_ids": true,
        "type": "sha1",
        "uuid": "7d10a166-3d9a-48e0-a535-d3f4dfb0a6de",
        "value": "e18750207ddbd939975466a0e01bd84e75327dda",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "JPin backdoor. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087970",
        "to_ids": true,
        "type": "sha1",
        "uuid": "64e79726-0501-490c-af41-458b3999645d",
        "value": "3119de80088c52bd8097394092847cd984606c88",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "JPin backdoor. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087970",
        "to_ids": true,
        "type": "sha1",
        "uuid": "60c3aa75-24af-48c5-91db-d3762cb2a3be",
        "value": "3acb8fe2a5eb3478b4553907a571b6614eb5455c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087972",
        "to_ids": true,
        "type": "sha1",
        "uuid": "372f3649-853f-4783-8674-38b6e9c98dea",
        "value": "6d1169775a552230302131f9385135d385efd166",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Dipsind variant. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087972",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6ed0906a-771d-4688-bc85-76c95f9130ea",
        "value": "d807648ddecc4572c7b04405f496d25700e0be6e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Dipsind variant. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087973",
        "to_ids": true,
        "type": "sha1",
        "uuid": "726e4aa7-6779-4b69-a445-d388587d0b03",
        "value": "bbd4992ee3f3a3267732151636359cf94fb4575d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Installer for Dipsind variant. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087974",
        "to_ids": true,
        "type": "sha1",
        "uuid": "4c405257-9dd8-4d82-b453-ecb77455f241",
        "value": "2abb8e1e9cac24be474e4955c63108ff86d1a034",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Injector / loader component. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087975",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6f950d06-9afa-455a-930e-9d2ab3991292",
        "value": "3a678b5c9c46b5b87bfcb18306ed50fadfc6372e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Zc tool. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087977",
        "to_ids": true,
        "type": "sha1",
        "uuid": "31792e59-1856-4a73-89fe-54552b3b2d7c",
        "value": "88ff852b1b8077ad5a19cc438afb2402462fbd1a",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Zc tool v2. No sample in VT.\r\nLast check: 15/02/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771087978",
        "to_ids": true,
        "type": "sha1",
        "uuid": "99cad035-6eae-4968-8647-9f762092942c",
        "value": "dc991ef598825daabd9e70bac92c79154363bab2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771085907",
        "uuid": "75c51ccc-a9fc-4767-aa1c-821013a8bc3d",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771085907",
            "to_ids": false,
            "type": "text",
            "uuid": "cdd2dbe2-7a23-4082-b382-9ff8e0f71590",
            "value": "Trojan_Win32_PlaSrv : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771085907",
            "to_ids": false,
            "type": "comment",
            "uuid": "f6d02bc2-b561-4a1a-ae28-f5d3969f0a6f",
            "value": "Hotpatching Injector"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771085907",
            "to_ids": true,
            "type": "yara",
            "uuid": "f5f9a3df-c4a3-44d3-adad-007131b477ca",
            "value": "rule Trojan_Win32_PlaSrv : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Hotpatching Injector\"\r\n original_sample_sha1 = \"ff7f949da665ba8ce9fb01da357b51415634eaad\"\r\n unpacked_sample_sha1 = \"dff2fee984ba9f5a8f5d97582c83fca4fa1fe131\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $Section_name = \".hotp1\"\r\n $offset_x59 = { C7 80 64 01 00 00 00 00 01 00 }\r\n\r\n condition:\r\n $Section_name and $offset_x59\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771085933",
        "uuid": "52b596b3-d451-4ce9-8735-d12271ab7857",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771085933",
            "to_ids": false,
            "type": "text",
            "uuid": "c7f89f7e-63cc-4f5d-94fd-d7cbe4ffddd9",
            "value": "Trojan_Win32_Platual : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771085933",
            "to_ids": false,
            "type": "comment",
            "uuid": "412c886b-a1c7-4025-a14b-97654167ba05",
            "value": "Installer component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771085933",
            "to_ids": true,
            "type": "yara",
            "uuid": "474e50fb-76fa-4a62-aabc-a60283655b97",
            "value": "rule Trojan_Win32_Platual : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Installer component\"\r\n original_sample_sha1 = \"e0ac2ae221328313a7eee33e9be0924c46e2beb9\"\r\n unpacked_sample_sha1 = \"ccaf36c2d02c3c5ca24eeeb7b1eae7742a23a86a\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $class_name = \"AVCObfuscation\"\r\n $scrambled_dir = { A8 8B B8 E3 B1 D7 FE 85 51 32 3E C0 F1 B7 73 99 }\r\n\r\n condition:\r\n $class_name and $scrambled_dir\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771085952",
        "uuid": "a7ce60c9-74c9-409d-b488-27faaa0d4d66",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771085952",
            "to_ids": false,
            "type": "text",
            "uuid": "f2b499e1-780a-4c89-be41-e78f67db79fe",
            "value": "Trojan_Win32_Plaplex : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771085952",
            "to_ids": false,
            "type": "comment",
            "uuid": "f79d707d-8c7f-4229-91cb-33501f9b7010",
            "value": "Variant of the JPin backdoor"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771085952",
            "to_ids": true,
            "type": "yara",
            "uuid": "0f4d2612-22ab-48d2-92c9-3f12d967d12c",
            "value": "rule Trojan_Win32_Plaplex : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Variant of the JPin backdoor\"\r\n original_sample_sha1 = \"ca3bda30a3cdc15afb78e54fa1bbb9300d268d66\"\r\n unpacked_sample_sha1 = \"2fe3c80e98bbb0cf5a0c4da286cd48ec78130a24\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $class_name1 = \"AVCObfuscation\"\r\n $class_name2 = \"AVCSetiriControl\"\r\n\r\n condition:\r\n $class_name1 and $class_name2\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771085982",
        "uuid": "284817ee-9d39-4078-8a65-d0a436cc6544",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771085982",
            "to_ids": false,
            "type": "text",
            "uuid": "2039532a-52b6-465d-80cb-b1f74b61f5a2",
            "value": "Trojan_Win32_Dipsind_B : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771085982",
            "to_ids": false,
            "type": "comment",
            "uuid": "8c59a197-68e5-4e51-8fea-ab4acb7ce8bb",
            "value": "Dipsind Family"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771085982",
            "to_ids": true,
            "type": "yara",
            "uuid": "b8661d88-632b-4767-8a3d-66e68f2c3cdc",
            "value": "rule Trojan_Win32_Dipsind_B : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Dipsind Family\"\r\n sample_sha1 = \"09e0dfbb5543c708c0dd6a89fd22bbb96dc4ca1c\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $frg1 = {8D 90 04 01 00 00 33 C0 F2 AE F7 D1 2B F9 8B C1 8B F7 8B FA C1 E9 02 F3\r\nA5 8B C8 83 E1 03 F3 A4 8B 4D EC 8B 15 ?? ?? ?? ?? 89 91 ?? 07 00 00 }\r\n $frg2 = {68 A1 86 01 00 C1 E9 02 F3 AB 8B CA 83 E1 03 F3 AA}\r\n $frg3 = {C0 E8 07 D0 E1 0A C1 8A C8 32 D0 C0 E9 07 D0 E0 0A C8 32 CA 80 F1 63}\r\n\r\n condition:\r\n $frg1 and $frg2 and $frg3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086006",
        "uuid": "b440719d-e865-4e91-8597-86b3f69930c4",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086006",
            "to_ids": false,
            "type": "text",
            "uuid": "6160fde1-7215-459b-a40c-0de3f8c881cd",
            "value": "Trojan_Win32_PlaKeylog_B : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086006",
            "to_ids": false,
            "type": "comment",
            "uuid": "478ed443-0f07-4c54-8542-55ddac8a0501",
            "value": "Keylogger component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086006",
            "to_ids": true,
            "type": "yara",
            "uuid": "d24267c2-4692-443c-93ff-91896f56ba85",
            "value": "rule Trojan_Win32_PlaKeylog_B : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Keylogger component\"\r\n original_sample_sha1 = \"0096a3e0c97b85ca75164f48230ae530c94a2b77\"\r\n unpacked_sample_sha1 = \"6a1412daaa9bdc553689537df0a004d44f8a45fd\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $hook = {C6 06 FF 46 C6 06 25}\r\n $dasm_engine = {80 C9 10 88 0E 8A CA 80 E1 07 43 88 56 03 80 F9 05}\r\n\r\n condition:\r\n $hook and $dasm_engine\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086042",
        "uuid": "9381c623-14c9-4325-8158-47f6f5fd4912",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086042",
            "to_ids": false,
            "type": "text",
            "uuid": "9a56f9a9-3ccd-48a4-af52-d3728294c4ce",
            "value": "Trojan_Win32_Adupib : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086042",
            "to_ids": false,
            "type": "comment",
            "uuid": "5f1e6b14-10ca-48ef-b0f5-67b2ba5320b2",
            "value": "Adupib SSL Backdoor"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086042",
            "to_ids": true,
            "type": "yara",
            "uuid": "4c60eef8-9fcf-439b-90c3-665138b4b742",
            "value": "rule Trojan_Win32_Adupib : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Adupib SSL Backdoor\"\r\n original_sample_sha1 = \"d3ad0933e1b114b14c2b3a2c59d7f8a95ea0bcbd\"\r\n unpacked_sample_sha1 = \"a80051d5ae124fd9e5cc03e699dd91c2b373978b\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"POLL_RATE\"\r\n $str2 = \"OP_TIME(end hour)\"\r\n $str3 = \"%d:TCP:*:Enabled\"\r\n $str4 = \"%s[PwFF_cfg%d]\"\r\n $str5 = \"Fake_GetDlgItemTextW: ***value***=\"\r\n condition:\r\n $str1 and $str2 and $str3 and $str4 and $str5\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086062",
        "uuid": "135808d7-ab68-44c6-98c8-b186692da8af",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086062",
            "to_ids": false,
            "type": "text",
            "uuid": "fc8671e1-3d3e-40b4-8c09-0ebe216ba13f",
            "value": "Trojan_Win32_PlaLsaLog : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086062",
            "to_ids": false,
            "type": "comment",
            "uuid": "71294499-4680-4d2c-bc1f-c0c2bae1ed8e",
            "value": "Loader / possible incomplete LSA Password Filter"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086062",
            "to_ids": true,
            "type": "yara",
            "uuid": "ef145596-da5f-42c9-a339-e6ba8d0946e7",
            "value": "rule Trojan_Win32_PlaLsaLog : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Loader / possible incomplete LSA Password Filter\"\r\n original_sample_sha1 = \"fa087986697e4117c394c9a58cb9f316b2d9f7d8\"\r\n unpacked_sample_sha1 = \"29cb81dbe491143b2f8b67beaeae6557d8944ab4\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {8A 1C 01 32 DA 88 1C 01 8B 74 24 0C 41 3B CE 7C EF 5B 5F C6 04 01 00 5E\r\n81 C4 04 01 00 00 C3}\r\n $str2 = \"PasswordChangeNotify\"\r\n\r\n condition:\r\n $str1 and $str2\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086085",
        "uuid": "c5ebce6c-14b0-448e-bbef-932af540bffd",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086085",
            "to_ids": false,
            "type": "text",
            "uuid": "8b07f803-4d29-4e37-a088-8fb81cfe2b76",
            "value": "Trojan_Win32_Plagon : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086085",
            "to_ids": false,
            "type": "comment",
            "uuid": "77b307e0-4dd6-4b99-816c-f2d161ae76bd",
            "value": "Dipsind variant"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086085",
            "to_ids": true,
            "type": "yara",
            "uuid": "1b73b41a-7f59-4c83-8068-c900a5077003",
            "value": "rule Trojan_Win32_Plagon : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Dipsind variant\"\r\n original_sample_sha1 = \"48b89f61d58b57dba6a0ca857bce97bab636af65\"\r\n unpacked_sample_sha1 = \"6dccf88d89ad7b8611b1bc2e9fb8baea41bdb65a\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n\r\n strings:\r\n $str1 = \"VPLRXZHTU\"\r\n $str2 = {64 6F 67 32 6A 7E 6C}\r\n $str3 = \"Dqpqftk(Wou\\\"Isztk)\"\r\n $str4 = \"StartThreadAtWinLogon\"\r\n\r\n\r\n condition:\r\n $str1 and $str2 and $str3 and $str4\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086131",
        "uuid": "fb639eb4-73bf-44bf-a2c9-9019c8d63984",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086131",
            "to_ids": false,
            "type": "text",
            "uuid": "4cb58d94-4509-47d4-b788-806e3608ff7c",
            "value": "Trojan_Win32_Plakelog : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086131",
            "to_ids": false,
            "type": "comment",
            "uuid": "0f7df3d8-e533-4bcc-805c-c0d33179848a",
            "value": "Raw-input based keylogger"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086131",
            "to_ids": true,
            "type": "yara",
            "uuid": "1b0731d7-b15c-4ac3-8b65-2bbe78daa12b",
            "value": "rule Trojan_Win32_Plakelog : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Raw-input based keylogger\"\r\n original_sample_sha1 = \"3907a9e41df805f912f821a47031164b6636bd04\"\r\n unpacked_sample_sha1 = \"960feeb15a0939ec0b53dcb6815adbf7ac1e7bb2\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"<0x02>\" wide\r\n $str2 = \"[CTR-BRK]\" wide\r\n $str3 = \"[/WIN]\" wide\r\n $str4 = {8A 16 8A 18 32 DA 46 88 18 8B 15 08 E6 42 00 40 41 3B CA 72 EB 5E 5B}\r\n condition:\r\n $str1 and $str2 and $str3 and $str4\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086154",
        "uuid": "167b8dd2-a5a1-4599-94a4-1d9980b80fbd",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086154",
            "to_ids": false,
            "type": "text",
            "uuid": "459b0fc9-1d14-4457-8675-fc73535f52d7",
            "value": "Trojan_Win32_Plainst : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086154",
            "to_ids": false,
            "type": "comment",
            "uuid": "114e1d8e-bd75-4cdd-a42c-311a528442b6",
            "value": "Installer component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086154",
            "to_ids": true,
            "type": "yara",
            "uuid": "4be8ae7f-a2cb-4296-b368-36cc10407ea9",
            "value": "rule Trojan_Win32_Plainst : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Installer component\"\r\n original_sample_sha1 = \"99c08d31af211a0e17f92dd312ec7ca2b9469ecb\"\r\n unpacked_sample_sha1 = \"dcb6cf7cf7c8fdfc89656a042f81136bda354ba6\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {66 8B 14 4D 18 50 01 10 8B 45 08 66 33 14 70 46 66 89 54 77 FE 66 83 7C\r\n77 FE 00 75 B7 8B 4D FC 89 41 08 8D 04 36 89 41 0C 89 79 04}\r\n $str2 = {4b D3 91 49 A1 80 91 42 83 B6 33 28 36 6B 90 97}\r\n condition:\r\n$str1 and $str2\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086181",
        "uuid": "3f788c06-95fb-45fe-bf9c-d41a4dafdc38",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086181",
            "to_ids": false,
            "type": "text",
            "uuid": "33109f12-1127-4337-b7f8-3aa02ea60a7d",
            "value": "Trojan_Win32_Plagicom : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086181",
            "to_ids": false,
            "type": "comment",
            "uuid": "f1c2f2ac-85ee-4658-b181-7d1c55015857",
            "value": "Installer component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086181",
            "to_ids": true,
            "type": "yara",
            "uuid": "5c6f7729-ff12-41e2-a8b2-a2d179b8f7fb",
            "value": "rule Trojan_Win32_Plagicom : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Installer component\"\r\n original_sample_sha1 = \"99dcb148b053f4cef6df5fa1ec5d33971a58bd1e\"\r\n unpacked_sample_sha1 = \"c1c950bc6a2ad67488e675da4dfc8916831239a7\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {C6 44 24 ?? 68 C6 44 24 ?? 4D C6 44 24 ?? 53 C6 44 24 ?? 56 C6 44 24 ??\r\n00}\r\n $str2 = \"OUEMM/EMM\"\r\n $str3 = {85 C9 7E 08 FE 0C 10 40 3B C1 7C F8 C3}\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086205",
        "uuid": "8e8e5962-51c0-42ea-b1e7-fe5d6263e02a",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086205",
            "to_ids": false,
            "type": "text",
            "uuid": "96357c9d-7f40-47fd-bb0f-9cdc8c4d33a7",
            "value": "Trojan_Win32_Plaklog : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086205",
            "to_ids": false,
            "type": "comment",
            "uuid": "3aa1aeda-0eff-49f9-b949-ec59691da74d",
            "value": "Hook-based keylogger"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086205",
            "to_ids": true,
            "type": "yara",
            "uuid": "ea4786e4-69af-4c03-95ca-a9cd1886f894",
            "value": "rule Trojan_Win32_Plaklog : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Hook-based keylogger\"\r\n original_sample_sha1 = \"831a5a29d47ab85ee3216d4e75f18d93641a9819\"\r\n unpacked_sample_sha1 = \"e18750207ddbd939975466a0e01bd84e75327dda\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"++[%s^^unknown^^%s]++\"\r\n $str2 = \"vtfs43/emm\"\r\n $str3 = {33 C9 39 4C 24 08 7E 10 8B 44 24 04 03 C1 80 00 08 41 3B 4C 24 08 7C F0\r\nC3}\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086229",
        "uuid": "976f5a0c-cbcf-4c11-95aa-dc50bddc3c88",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086229",
            "to_ids": false,
            "type": "text",
            "uuid": "91deb0f3-9f12-4c11-813d-19aa3ab7a7cd",
            "value": "Trojan_Win32_Plapiio : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086229",
            "to_ids": false,
            "type": "comment",
            "uuid": "48245061-99fc-4fe6-93e2-40f65ba80a17",
            "value": "JPin backdoor"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086229",
            "to_ids": true,
            "type": "yara",
            "uuid": "84fd537b-9b3d-46bf-a5a4-5599dad47a93",
            "value": "rule Trojan_Win32_Plapiio : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"JPin backdoor\"\r\n original_sample_sha1 = \"3119de80088c52bd8097394092847cd984606c88\"\r\n unpacked_sample_sha1 = \"3acb8fe2a5eb3478b4553907a571b6614eb5455c\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"ServiceMain\"\r\n $str2 = \"Startup\"\r\n $str3 = {C6 45 ?? 68 C6 45 ?? 4D C6 45 ?? 53 C6 45 ?? 56 C6 45 ?? 6D C6 45 ?? 6D}\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086257",
        "uuid": "580e5bcc-b301-48da-be3a-afd3e34add59",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086257",
            "to_ids": false,
            "type": "text",
            "uuid": "34c38cd7-a270-4738-b558-667b9fc87739",
            "value": "Trojan_Win32_Plabit : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086257",
            "to_ids": false,
            "type": "comment",
            "uuid": "6c04dd4f-434c-4f5e-a048-3c740a15f807",
            "value": "Installer component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086257",
            "to_ids": true,
            "type": "yara",
            "uuid": "4336662b-5b8f-49e9-ac37-240213500d0c",
            "value": "rule Trojan_Win32_Plabit : Platinum\r\n{\r\n meta:\r\nauthor = \"Microsoft\"\r\n description = \"Installer component\"\r\nsample_sha1 =\r\n\"6d1169775a552230302131f9385135d385efd166\"\r\nactivity_group = \"Platinum\"\r\nversion = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {4b D3 91 49 A1 80 91 42 83 B6 33 28 36 6B 90 97}\r\n $str2 = \"GetInstanceW\"\r\n $str3 = {8B D0 83 E2 1F 8A 14 0A 30 14 30 40 3B 44 24 04 72 EE}\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086306",
        "uuid": "d9a97893-cc47-4953-89e3-1fad4c999f87",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086288",
            "to_ids": false,
            "type": "text",
            "uuid": "1a516a47-72a5-4639-a582-0f6159dc0238",
            "value": "Trojan_Win32_Placisc2 : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086288",
            "to_ids": false,
            "type": "comment",
            "uuid": "128935a9-e11d-45dd-b1e4-ad9eec9cca9b",
            "value": "Dipsind variant"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086306",
            "to_ids": true,
            "type": "yara",
            "uuid": "bbe51635-525a-49ac-b8ed-d6ce91e5816e",
            "value": "rule Trojan_Win32_Placisc2 : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Dipsind variant\"\r\n original_sample_sha1 = \"bf944eb70a382bd77ee5b47548ea9a4969de0527\"\r\n unpacked_sample_sha1 = \"d807648ddecc4572c7b04405f496d25700e0be6e\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {76 16 8B D0 83 E2 07 8A 4C 14 24 8A 14 18 32 D1 88 14 18 40 3B C7 72 EA\r\n}\r\n $str2 = \"VPLRXZHTU\"\r\n $str3 = \"%d) Command:%s\"\r\n $str4 = {0D 0A 2D 2D 2D 2D 2D 09 2D 2D 2D 2D 2D 2D 0D 0A}\r\n condition:\r\n $str1 and $str2 and $str3 and $str4\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086341",
        "uuid": "34800aa5-d85f-446c-b4e1-550fbb841dc1",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086341",
            "to_ids": false,
            "type": "text",
            "uuid": "0244928a-7090-4d92-af6a-19fdffcc4a8d",
            "value": "Trojan_Win32_Placisc3 : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086341",
            "to_ids": false,
            "type": "comment",
            "uuid": "159e348e-ee8d-4fa0-a574-af04bd5910f0",
            "value": "Dipsind variant"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086341",
            "to_ids": true,
            "type": "yara",
            "uuid": "bd12b7b1-58db-4389-99af-6531168319de",
            "value": "rule Trojan_Win32_Placisc3 : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Dipsind variant\"\r\n original_sample_sha1 = \"1b542dd0dacfcd4200879221709f5fa9683cdcda\"\r\n unpacked_sample_sha1 = \"bbd4992ee3f3a3267732151636359cf94fb4575d\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {BA 6E 00 00 00 66 89 95 ?? ?? FF FF B8 73 00 00 00 66 89 85 ?? ?? FF FF\r\nB9 64 00 00 00 66 89 8D ?? ?? FF FF BA 65 00 00 00 66 89 95 ?? ?? FF FF B8 6C 00 00\r\n00}\r\n $str2 = \"VPLRXZHTU\"\r\n $str3 = {8B 44 24 ?? 8A 04 01 41 32 C2 3B CF 7C F2 88 03}\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086360",
        "uuid": "48781be6-1122-4693-86a9-1ae7bc7af985",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086360",
            "to_ids": false,
            "type": "text",
            "uuid": "c618fc59-6692-4d36-955a-751477d2000d",
            "value": "Trojan_Win32_Placisc4 : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086360",
            "to_ids": false,
            "type": "comment",
            "uuid": "c2bf2086-3d6f-4c17-a350-09bd6d192638",
            "value": "Installer for Dipsind variant"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086360",
            "to_ids": true,
            "type": "yara",
            "uuid": "f6feef49-a505-43ae-9687-7f5c60107443",
            "value": "rule Trojan_Win32_Placisc4 : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Installer for Dipsind variant\"\r\n original_sample_sha1 = \"3d17828632e8ff1560f6094703ece5433bc69586\"\r\n unpacked_sample_sha1 = \"2abb8e1e9cac24be474e4955c63108ff86d1a034\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = {8D 71 01 8B C6 99 BB 0A 00 00 00 F7 FB 0F BE D2 0F BE 04 39 2B C2 88 04\r\n39 84 C0 74 0A}\r\n $str2 = {6A 04 68 00 20 00 00 68 00 00 40 00 6A 00 FF D5}\r\n $str3 = {C6 44 24 ?? 64 C6 44 24 ?? 6F C6 44 24 ?? 67 C6 44 24 ?? 32 C6 44 24 ??\r\n6A}\r\n\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086383",
        "uuid": "3e835953-be81-45d3-bb60-841306a0fb10",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086383",
            "to_ids": false,
            "type": "text",
            "uuid": "de24c28c-8b17-4df4-8d4e-5845f3ecbe2b",
            "value": "Trojan_Win32_Plakpers : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086383",
            "to_ids": false,
            "type": "comment",
            "uuid": "4e2ee105-df25-43ad-865a-b76b53eabcdf",
            "value": "Injector / loader component"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086383",
            "to_ids": true,
            "type": "yara",
            "uuid": "84fe89d2-fef4-404a-ab02-fa51dcc9d2d5",
            "value": "rule Trojan_Win32_Plakpers : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Injector / loader component\"\r\n original_sample_sha1 = \"fa083d744d278c6f4865f095cfd2feabee558056\"\r\n unpacked_sample_sha1 = \"3a678b5c9c46b5b87bfcb18306ed50fadfc6372e\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"MyFileMappingObject\"\r\n $str2 = \"[%.3u] %s %s %s [%s:\" wide\r\n $str3 = \"%s\\\\{%s}\\\\%s\" wide\r\n\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086410",
        "uuid": "dd2002df-e165-4e2f-a4b6-36a1521a214f",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086410",
            "to_ids": false,
            "type": "text",
            "uuid": "f247c38e-7ee5-4ef7-a029-09c088af7df6",
            "value": "Trojan_Win32_Plainst2 : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086410",
            "to_ids": false,
            "type": "comment",
            "uuid": "b543b5a8-bac8-4266-adf3-b509b7e83573",
            "value": "Zc tool"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086410",
            "to_ids": true,
            "type": "yara",
            "uuid": "841fd658-0333-44d0-93fc-27fc58945c72",
            "value": "rule Trojan_Win32_Plainst2 : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Zc tool\"\r\n original_sample_sha1 = \"3f2ce812c38ff5ac3d813394291a5867e2cddcf2\"\r\n unpacked_sample_sha1 = \"88ff852b1b8077ad5a19cc438afb2402462fbd1a\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"Connected [%s:%d]...\"\r\n $str2 = \"reuse possible: %c\"\r\n $str3 = \"] => %d%%\\x0a\"\r\n\r\n\r\n condition:\r\n $str1 and $str2 and $str3\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "7",
        "timestamp": "1771086434",
        "uuid": "dba29b88-d672-44cd-b73a-8ca9ec341cad",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1771086434",
            "to_ids": false,
            "type": "text",
            "uuid": "ac589c2b-1d37-4aa8-87d2-55c7a6528778",
            "value": "Trojan_Win32_Plakpeer : Platinum"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1771086434",
            "to_ids": false,
            "type": "comment",
            "uuid": "8446dcee-553e-43df-a9a8-ff03dcc9cb76",
            "value": "Zc tool v2"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1771086434",
            "to_ids": true,
            "type": "yara",
            "uuid": "5753efab-4dfa-4f3a-9822-e99220756535",
            "value": "rule Trojan_Win32_Plakpeer : Platinum\r\n{\r\n meta:\r\n author = \"Microsoft\"\r\n description = \"Zc tool v2\"\r\n original_sample_sha1 = \"2155c20483528377b5e3fde004bb604198463d29\"\r\n unpacked_sample_sha1 = \"dc991ef598825daabd9e70bac92c79154363bab2\"\r\n activity_group = \"Platinum\"\r\n version = \"1.0\"\r\n last_modified = \"2016-04-12\"\r\n strings:\r\n $str1 = \"@@E0020(%d)\" wide\r\n $str2 = /exit.{0,3}@exit.{0,3}new.{0,3}query.{0,3}rcz.{0,3}scz/ wide\r\n $str3 = \"---###---\" wide\r\n $str4 = \"---@@@---\" wide\r\n\r\n\r\n condition:\r\n $str1 and $str2 and $str3 and $str4\r\n}"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088407",
        "uuid": "f697393a-2b49-43bf-852a-05852b6314cc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088407",
            "to_ids": true,
            "type": "md5",
            "uuid": "f4487447-4dc7-4dca-b618-0b15060c336b",
            "value": "fde37e60cc4be73dada0fb1ad3d5f273",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087926",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1fe47f53-47a7-4e82-bfaf-a9b92d5e185f",
            "value": "1bdc1a0bc995c1beb363b11b71c14324be8577c9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087926",
            "to_ids": true,
            "type": "sha256",
            "uuid": "36a03fd5-cc22-496b-8918-8fed8639ed85",
            "value": "2e71ded564eb42881e93202bbcc00fd7f9decaaa3b82643c0fbe75f0fa118040",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771086930",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "85042967-f5eb-41a3-b2fa-3b2214e92243",
            "value": "3072:1DqtwLtmNLEC73dsoM2T3rpm5ck66AptHTwl3CR:Q4tGP3dsoF0c+YtHTwl3CR"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771086930",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "79443286-5786-4ada-b160-03920354bedf",
            "value": "161280"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771086930",
            "to_ids": true,
            "type": "vhash",
            "uuid": "346a8f44-8042-4c9d-8611-0e45474ba5b4",
            "value": "9484d04527d73f3706865db9f6e98225"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771086930",
            "to_ids": true,
            "type": "filename",
            "uuid": "56e7f77a-3301-441f-8627-b17cef7b1308",
            "value": ".bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771086930",
            "to_ids": false,
            "type": "text",
            "uuid": "dff593bf-8ee6-4e6e-bef5-ecdd22c85cb2",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Ceevee\nVT Total Detection:30/63\nFirst Submission:2013-06-19T16:52:37.000000+00:00\nLast Submission:2018-05-15T00:10:13.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088428",
        "uuid": "726bede7-1263-40ee-a5f1-1dea0aad9be1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088428",
            "to_ids": true,
            "type": "md5",
            "uuid": "0428e943-eecc-4272-bb9e-bb8fe3bcdceb",
            "value": "2f1ab543b38a7ad61d5dbd72eb0524c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087927",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c45ea013-314b-413d-b775-460d8aaa2e0a",
            "value": "2a33542038a85db4911d7b846573f6b251e16b2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087928",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c8ecf760-5086-4960-afd4-c3702fe86baa",
            "value": "5f7499ef0eb5cd67f04c4b4f7cd4ac5ce11abad6d7523d275a7f7f3cd70d4c4d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771086952",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd244d3c-b62d-4b47-9f82-67b38ddd6184",
            "value": "384:Db7td84YH0zGWQ5wCzIuR65Yo1zy6Bnk8OAQyYnCb/+JMe7r7WeFbeC3Mp40ZxZ:DfRrzCET5kBpF/LMp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771086952",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c1470304-4f35-475c-9ba6-022184562f5b",
            "value": "40960"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771086952",
            "to_ids": true,
            "type": "vhash",
            "uuid": "14e22e8f-011a-4bde-8bfb-7b6795388f46",
            "value": "4b294bc178b1cceab99e4f5031133e14"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771086952",
            "to_ids": true,
            "type": "filename",
            "uuid": "08f6ea92-221a-45ba-a980-4962faf8e722",
            "value": "payload.bat"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771086952",
            "to_ids": false,
            "type": "text",
            "uuid": "77cf42c1-6edb-42db-8ed5-65724168a3a6",
            "value": "Type Description: MS Word Document\nMicrosoft: Exploit:Win32/BurLoin.A\nVT Total Detection:39/63\nFirst Submission:2013-06-19T15:53:49.000000+00:00\nLast Submission:2023-07-13T15:07:57.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088449",
        "uuid": "783a2ee1-c0ed-439b-9337-b006539d10a7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088449",
            "to_ids": true,
            "type": "md5",
            "uuid": "2eb09839-8e62-4d7b-b80a-d8542237a3f3",
            "value": "7eb17991ed13960d57ed75c01f6f7fd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087928",
            "to_ids": true,
            "type": "sha1",
            "uuid": "44e386da-746b-4225-a07b-dc90a7cacb1c",
            "value": "d6a795e839f51c1a5aeabf5c10664936ebbef8ea",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087929",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b154c7f5-ad6c-4569-9e69-510ed4c6e839",
            "value": "527ff3a10bd6af99df29f8b2e58fa9fafaf2beae9219c7a82127e5d89d36617e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771086974",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "74ad68de-2ae1-4381-8df3-25990109e0f2",
            "value": "768:kTnnmef5+2S65Fame+/vYlCXH1GM+mGujlThQ:ktD9LaN8AMX1GM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771086974",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1ee60787-3dc3-482b-a546-6b69b5089826",
            "value": "39424"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771086974",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7331d36-6045-4aea-8488-4b18d494f354",
            "value": "e4e45431e82a25b6a613da2a28b5c088"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771086974",
            "to_ids": true,
            "type": "filename",
            "uuid": "d9b235e5-ea48-4ed1-9504-c0a9aa2697a6",
            "value": ".exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771086974",
            "to_ids": false,
            "type": "text",
            "uuid": "def31732-f1f8-4741-b58a-b27e0b818765",
            "value": "Type Description: MS Word Document\nMicrosoft: Exploit:Win32/BurLoin.C\nVT Total Detection:30/63\nFirst Submission:2013-06-19T16:02:39.000000+00:00\nLast Submission:2018-05-14T23:59:28.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088470",
        "uuid": "e75e8c51-51a9-4105-9e59-3469c2776913",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088470",
            "to_ids": true,
            "type": "md5",
            "uuid": "951ba8bd-8ef2-4284-9466-63761a1b9348",
            "value": "70511e6e75aa38a4d92cd134caba16ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087930",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f2ed11e4-4aa2-438e-aab2-c7a71cb10f44",
            "value": "f362feedc046899a78c4480c32dda4ea82a3e8c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087930",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f18f78c8-7c5a-4b3b-b552-ec93e1700830",
            "value": "1cd003a5e089ce906e035efee222785bba679276356b8409c24b3fe5bb863d15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771086995",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "72c03a3f-48ea-4dbb-bcc6-638e56c9b602",
            "value": "3072:xB8XmoLDJ37xn1lpYIPrDgx19SzIC2mGNnmCGbLk/JM:xKXmgDJrx1vxTDm19SzcmGtIbLk/J"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771086995",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "934ff65b-32b4-470e-9e88-1aedab8dd773",
            "value": "184832"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771086995",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b213260e-a16e-4da2-bf50-3ecbb77d2301",
            "value": "9484d04527d73f3706865db9f6e98225"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771086995",
            "to_ids": true,
            "type": "filename",
            "uuid": "7392bbb0-f217-4b45-83f8-53f11dfc6989",
            "value": "70511e6e75aa38a4d92cd134caba16ef.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771086995",
            "to_ids": false,
            "type": "text",
            "uuid": "9802369a-5456-410b-92db-970aecd51b5d",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Ceevee\nVT Total Detection:38/63\nFirst Submission:2013-06-19T16:28:53.000000+00:00\nLast Submission:2024-11-26T02:10:08.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088492",
        "uuid": "996d6ce8-aa61-42fc-9d08-1dd0c244c9e6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088492",
            "to_ids": true,
            "type": "md5",
            "uuid": "904579da-cae8-4114-abc5-29b592c18cd7",
            "value": "28e81ca00146165385c8916bf0a61046",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087931",
            "to_ids": true,
            "type": "sha1",
            "uuid": "884e99f9-e5b6-4a32-8a6f-e3fc3ea53144",
            "value": "f751cdfaef99c6184f45a563f3d81ff1ada25565",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087931",
            "to_ids": true,
            "type": "sha256",
            "uuid": "40af37f6-2dce-416b-9074-7dd53726e26b",
            "value": "66a85a846c816821635337b61da6bff58cbb5d4a8dc5a87b05f08d4a9e934372",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087017",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b7f0e33e-2d38-41cd-a703-e5a725875108",
            "value": "3072:wTry4+e5xBpZOwWCF4uRf561CyhCh3ijZ6uFuxaSJal+daedy:kXxBpZOwJF4g"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087017",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bf89f35c-9500-419d-963c-1fd06345800b",
            "value": "130560"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087017",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d8ac715b-a1cc-417b-b626-c519233ead42",
            "value": "02cd83e229c58abd301b13b2d55d6f2b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087017",
            "to_ids": true,
            "type": "filename",
            "uuid": "df11e096-205b-4972-9e07-071cba918a94",
            "value": "\u767c\u5e03.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  11/02/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087017",
            "to_ids": false,
            "type": "text",
            "uuid": "6e9a620a-d451-4f17-a50e-4cd9ea4d40c7",
            "value": "Type Description: MS Word Document\nMicrosoft: Trojan:Win32/Ceevee\nVT Total Detection:35/63\nFirst Submission:2013-06-18T01:53:16.000000+00:00\nLast Submission:2023-07-12T15:54:11.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088513",
        "uuid": "d2406748-787e-4d7c-883e-f6b1b2e7e5a4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dipsind Family",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088513",
            "to_ids": true,
            "type": "md5",
            "uuid": "7dbc444a-904e-406f-9e10-797a2f4f5e10",
            "value": "eaec3e5334b937a526a418b88d63291c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind Family",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087932",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d352d253-19ec-485e-b3d4-f1fb8880a6a3",
            "value": "09e0dfbb5543c708c0dd6a89fd22bbb96dc4ca1c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind Family",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087932",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c3049984-97c4-4539-b852-f230bf7fd8d1",
            "value": "23ea986ddaa82e5947f02bd8aa1d5d326384a9137b6f93c76b64ee9e5001ffc7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087166",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d3029fff-2e96-484a-a084-f7a6a4dbc6ed",
            "value": "3072:n2zVFiZL4qiXqQ2LGmPlsXmSeBH36ACaAG6wrh8aQ:n2zLiW8LnxNhCaAG6Mh81"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087166",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bc60bf5-0fa2-4273-9a16-aab03b566997",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087166",
            "to_ids": true,
            "type": "vhash",
            "uuid": "92ed04fa-fd2e-42fd-80a9-7b8617e2506e",
            "value": "015046655d151158z38315z1011z21z2078z137z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087166",
            "to_ids": true,
            "type": "filename",
            "uuid": "d727e3d7-a4f4-4cda-9860-6de3cda4176d",
            "value": "MSOFS.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  03/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087166",
            "to_ids": false,
            "type": "text",
            "uuid": "ae79dd4b-f249-4b48-8271-330566382417",
            "value": "Dipsind Family\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dipsind.A!dha\nVT Total Detection:53/73\nFirst Submission:2014-08-30T09:21:03.000000+00:00\nLast Submission:2023-07-21T13:36:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088535",
        "uuid": "4e270d9d-b186-4132-9800-49c320dc8cb4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Adupib SSL Backdoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088535",
            "to_ids": true,
            "type": "md5",
            "uuid": "bc2e6118-a1e8-48a5-ad5b-136a75931c18",
            "value": "d9af02de733584e4c91fc107c50538d3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Adupib SSL Backdoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087933",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0385084c-73de-41c0-86f8-72efee5617b6",
            "value": "d3ad0933e1b114b14c2b3a2c59d7f8a95ea0bcbd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Adupib SSL Backdoor",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087933",
            "to_ids": true,
            "type": "sha256",
            "uuid": "15181eb3-6eff-4f20-b882-73127b7f4e38",
            "value": "33aae7a365839916a484c7626feb5eeba02915ceb4a0a4b65a934580cd05491a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087231",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4d4e9264-300d-4dd1-a2be-a4a3638dac71",
            "value": "24576:JMe5qm5cfGHmtNu8UPrFfHH1GfmJuMa3QwUqLWtuLBCyizKfjsX:Wzm6RNu8UPrF/VLao"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087231",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a4aebbb2-0a6d-46db-9a6b-26a83cb2f083",
            "value": "1464320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087231",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f9783f53-e690-4aed-a801-58b4cc9bbbc1",
            "value": "1160765d6c051515151az2a06lz9ezd"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087231",
            "to_ids": true,
            "type": "filename",
            "uuid": "cdee11ba-6a5b-4e89-9da8-d10f3735752e",
            "value": "adb.sfx.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  06/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087231",
            "to_ids": false,
            "type": "text",
            "uuid": "5ece1324-ca20-41d2-bbfa-e4abbdaf220a",
            "value": "Adupib SSL Backdoor\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Occamy.C33\nVT Total Detection:53/71\nFirst Submission:2012-08-13T07:18:45.000000+00:00\nLast Submission:2023-07-21T13:22:37.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088556",
        "uuid": "71cba234-1771-4fe0-aa8e-78a189ed6b70",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Loader / possible incomplete LSA Password Filter",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088556",
            "to_ids": true,
            "type": "md5",
            "uuid": "6f51f5a6-83bb-4318-bdc8-9be85e7c4064",
            "value": "cf386d884135b195fb6d11727bc06056",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader / possible incomplete LSA Password Filter",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087935",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2a0cca06-d191-43a4-b3f7-0b4748dcf7e7",
            "value": "fa087986697e4117c394c9a58cb9f316b2d9f7d8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Loader / possible incomplete LSA Password Filter",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087935",
            "to_ids": true,
            "type": "sha256",
            "uuid": "03629061-8cf0-461a-9130-1294a2eae264",
            "value": "0075be8e71880469a8c4b3f6f52970351d5dacdd30fa7885de0710b9eac97405",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087274",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ab0c578b-8379-47e9-bff4-274374ef4230",
            "value": "768:ojXSnrC9CE5mJBjRCa/nXAEDWVL0Ldftrv/BSjBI02+TVuAGn8xwhjsMtRApzvm:Mv9RIoiWV+f7yBlzcAGn8whDRApzvm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087274",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dfd53100-c03c-48aa-b7f5-210e3c5ed9ce",
            "value": "74752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087274",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c9f62bd0-0ec9-4c3d-802f-95544094f044",
            "value": "1740665d6c0515151az2b07lz9ez5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087274",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c1493f4-331e-4f58-9297-36bf584afdbe",
            "value": ".dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087274",
            "to_ids": false,
            "type": "text",
            "uuid": "41ecc5ed-9165-4e7b-860d-812b3c372f19",
            "value": "Loader / possible incomplete LSA Password Filter\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:48/72\nFirst Submission:2012-05-15T09:50:05.000000+00:00\nLast Submission:2022-08-17T04:47:39.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088577",
        "uuid": "f9f28379-3d2b-4cd6-821a-96fb69858e67",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088577",
            "to_ids": true,
            "type": "md5",
            "uuid": "0f205ca8-6692-427a-a6e6-6a1b7046d323",
            "value": "739daf91938f4bdab973c5ef519d6543",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087936",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fbd71f56-8e30-4d00-a0b3-d8427f08a198",
            "value": "48b89f61d58b57dba6a0ca857bce97bab636af65",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087936",
            "to_ids": true,
            "type": "sha256",
            "uuid": "16959e21-08ed-45c3-8d6b-7aaf09f6a492",
            "value": "f79c426f58fd41010b5dd14d3ff47228c7b6a2ccaf47c14fd899b3173871204c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087317",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "42f3882f-04b1-4beb-ba57-1a9e54e1a0c3",
            "value": "6144:1rWphj9ETPx4Rb7cVvkHPMYwMWAuTqbac6SD2x/MApN+:1gKeFcVG4AuWWI2acc"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087317",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "db7b4789-1aeb-4967-92dd-660531c75598",
            "value": "488448"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087317",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e2bacf57-755c-4b30-aa18-20a765af4e3c",
            "value": "1450765d6c051515151az2908lz9eza"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087317",
            "to_ids": true,
            "type": "filename",
            "uuid": "325356e7-ab43-448c-b0fb-6cc65f03630d",
            "value": "cscdll32.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087317",
            "to_ids": false,
            "type": "text",
            "uuid": "7b23aed8-95d3-4bbf-8101-061d62bd98ae",
            "value": "Dipsind variant\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:57/72\nFirst Submission:2016-04-27T12:45:42.000000+00:00\nLast Submission:2023-08-31T09:36:06.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088598",
        "uuid": "d1efda9b-59ee-4fdd-bd36-1321f19c33eb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Raw-input based keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088598",
            "to_ids": true,
            "type": "md5",
            "uuid": "8cfdfce3-5c88-465c-a154-62ea22518841",
            "value": "05e48b00754007843e1fdf72083a1538",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Raw-input based keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087936",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9a0d04f0-5126-4974-9570-326f0f5d0e13",
            "value": "3907a9e41df805f912f821a47031164b6636bd04",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Raw-input based keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087937",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3c46d7a-210e-439d-bfbb-ad6fbfbd3f54",
            "value": "f50e86f22fa1c38b18b54f7827a1f1c152e6c56ff24dc8f923625bc12bd6efe9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087360",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8d1381ea-867f-42f7-ae8b-711c08954668",
            "value": "1536:gcp03q8d1fpdpaTVgKylvzN/ZdMLx8+aS9lNZT8x+w4IoNIw7jWOnGnC5XvYva2l:Dg3nvUNyH5+IzOn9XgvaUEO9UyP"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087360",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1345877a-6406-493a-8e3d-1c4431445bc6",
            "value": "227840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087360",
            "to_ids": true,
            "type": "vhash",
            "uuid": "bac1b6c4-be8b-4448-96c0-21ed07a6ef7f",
            "value": "0250565d1c05151az2a14lz9fz"
          },
          {
            "category": "Payload delivery",
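            "comment": "Name matches the legitimate Windows binary ctfmon.exe; alert on it only together with this object's hashes, not on filename alone.",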
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087360",
            "to_ids": true,
            "type": "filename",
            "uuid": "c9693711-3550-4ba4-a184-fe6dc385e8b3",
            "value": "CTFMON.EXE"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  27/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087360",
            "to_ids": false,
            "type": "text",
            "uuid": "e082ba89-cc2f-4998-9d69-9a11c126322f",
            "value": "Raw-input based keylogger\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ymacco.AAF5\nVT Total Detection:55/73\nFirst Submission:2010-08-18T08:16:36.000000+00:00\nLast Submission:2023-05-16T02:51:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088620",
        "uuid": "d6b0af4b-e371-4599-9697-b3d2bf9c6710",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088620",
            "to_ids": true,
            "type": "md5",
            "uuid": "eec0ccbd-cf15-4a01-97c0-c2e30f3135ee",
            "value": "6561e8fad70cfdd25e4a1f8d64f2c0a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087937",
            "to_ids": true,
            "type": "sha1",
            "uuid": "53d3fe25-29d3-42fb-989c-bc0ecd9a7842",
            "value": "bf944eb70a382bd77ee5b47548ea9a4969de0527",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087937",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f7db358f-6919-4faf-8d00-47e5e061db84",
            "value": "ff6181cbf78edbbea17dce94132991fd7179c61e79030ec348a3039ae1f7598a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087593",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "22e338cb-6ba8-43be-ab7d-f71a0358e683",
            "value": "6144:liyEOh2GIzQLIUA+axHxt5yWrMoacMfznewGu5gi/wKYOYz:cDOSQLIvHHrMeMfEuBzYv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087593",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9b4907fb-c988-4d15-a8f7-2ff1e73391dd",
            "value": "297472"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087593",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ac802f7f-f687-4299-91e3-c88a5010d36f",
            "value": "0250565d7c05551az2a1mz9fz"
          },
          {
            "category": "Payload delivery",
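            "comment": "Name matches the legitimate Windows binary msdtc.exe; alert on it only together with this object's hashes, not on filename alone.",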
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087593",
            "to_ids": true,
            "type": "filename",
            "uuid": "8cdf88e0-f790-4b4b-a316-317c5c8bcbff",
            "value": "msdtc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  26/06/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087593",
            "to_ids": false,
            "type": "text",
            "uuid": "11970df4-00d4-4e85-b1e5-5b990dea7553",
            "value": "Dipsind variant\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:57/72\nFirst Submission:2010-09-08T10:22:32.000000+00:00\nLast Submission:2023-07-21T14:28:18.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088641",
        "uuid": "381a3067-b781-4629-a170-72284a16e79b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088641",
            "to_ids": true,
            "type": "md5",
            "uuid": "f8fb80c4-eb75-4811-b19c-b5dec37ea3ee",
            "value": "71a76adeadc7b51218d265771fc2b0d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087939",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e68aa1b3-585b-42ef-a4ce-5ad665d2bd90",
            "value": "1b542dd0dacfcd4200879221709f5fa9683cdcda",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087939",
            "to_ids": true,
            "type": "sha256",
            "uuid": "967b36ef-3840-4039-910e-7ca9e0190781",
            "value": "6ffb6c322008874cbfd936c69bf816e5a3fe04daf1fed3115297cf06b7917511",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087636",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6d2fa06e-a5ca-4e52-a944-b320a05edc61",
            "value": "12288:uh8zohyD8eUgLwN+xfEwYb00wkXUdO3aur1O09ZaR01sL/2:uuEhyD8eUgs+xBYb0BoUdoaWJ1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087636",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f63795e0-d131-48d4-9216-c8dfaf602b72",
            "value": "782336"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087636",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4da300a8-27f8-472f-b670-894b2f529617",
            "value": "0750565d6c05551az2b0flz9fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087636",
            "to_ids": true,
            "type": "filename",
            "uuid": "6dc46862-5375-430f-899b-c21c957fe739",
            "value": "Adobe_Update_Sync.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  16/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087636",
            "to_ids": false,
            "type": "text",
            "uuid": "2ea0c5af-4049-4a9c-9ab8-7a977088dcdf",
            "value": "Dipsind variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:58/73\nFirst Submission:2012-05-15T09:47:08.000000+00:00\nLast Submission:2023-07-21T13:32:01.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088662",
        "uuid": "122a37f2-9657-45f7-a887-23f1a0bef838",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Installer for Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088662",
            "to_ids": true,
            "type": "md5",
            "uuid": "efcae02e-0279-4b0e-8c91-f11fcce94b0d",
            "value": "e6c27747a61038a641b8fa1239a35291",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Installer for Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087940",
            "to_ids": true,
            "type": "sha1",
            "uuid": "101339af-24e4-4469-b2d1-805593010b68",
            "value": "3d17828632e8ff1560f6094703ece5433bc69586",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Installer for Dipsind variant",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087940",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81615d4d-1495-4dbb-b2f7-5a47703a2085",
            "value": "8c395963a9a498a7edc219eba6718adc029c5dfd2cf4af0b3f1253febc47ec01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087679",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e6aa0cfc-ad8f-437c-b45b-6595d90e0d91",
            "value": "12288:7l52HmP1YqvWKV5HXOMmjQuG4v8u6r3gw1vu5FrgO7mvKoXdEO0d7E:R4eAKDXOMCQuGDhkwNuzr37eZXLa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087679",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c30625fd-2824-4964-989c-05ad4045cb5c",
            "value": "927744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087679",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8cf8916c-b5c1-4ba4-8c61-1123476a7c6a",
            "value": "0950565d6c05151az2911lz9fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087679",
            "to_ids": true,
            "type": "filename",
            "uuid": "3291f26a-5fd1-4d25-a001-9ae1065e5573",
            "value": "\u751f\u7522.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  19/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087679",
            "to_ids": false,
            "type": "text",
            "uuid": "0674b9f7-27c1-4a8f-abec-a676f46339ae",
            "value": "Installer for Dipsind variant\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Dynamer!rfn\nVT Total Detection:48/73\nFirst Submission:2011-06-06T13:00:25.000000+00:00\nLast Submission:2023-07-21T13:33:34.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088684",
        "uuid": "60f06904-494e-4900-8250-f263dde36925",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Injector / loader component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088684",
            "to_ids": true,
            "type": "md5",
            "uuid": "0ffc856c-3770-4ace-a2b3-dd5788c0890b",
            "value": "1c7123dd51906327c37ed12b68cf435f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Injector / loader component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087942",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0c76233d-6578-4a59-8cb0-ea85eba1c9c7",
            "value": "fa083d744d278c6f4865f095cfd2feabee558056",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Injector / loader component",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087942",
            "to_ids": true,
            "type": "sha256",
            "uuid": "30fc03f2-a95d-4ce8-a1b6-2a1b43fc5c6a",
            "value": "9f561f20b767a656773f129c2794c139d5d51428f6d72a771adcf2c6db2c9263",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087722",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5d36ef64-c445-442d-8f38-5da2a7049d6f",
            "value": "6144:rFbZqshKSYBWZyU2useEOH2ABymJ9yQi:rlOnW721mJ9y"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087722",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3406e000-c9dc-4400-86f7-654d46235d1a",
            "value": "230912"
          },
          {
            "category": "Payload delivery",
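            "comment": "Value is a bare extension with no base name; with to_ids set it is not a reliable standalone indicator, so match on the hashes in this object instead",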
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087722",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2e85b38f-9630-40e9-96b3-f9b107fd80b5",
            "value": "0250465d7c055az2811lz9fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087722",
            "to_ids": true,
            "type": "filename",
            "uuid": "0bdd1c2f-4edb-4b36-92a7-ccd467517acc",
            "value": ".exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087722",
            "to_ids": false,
            "type": "text",
            "uuid": "f6fe99eb-2a15-4ed8-9f86-ce973ac367c2",
            "value": "Injector / loader component\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:47/72\nFirst Submission:2011-06-09T05:03:36.000000+00:00\nLast Submission:2022-08-17T02:36:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088705",
        "uuid": "b610f17b-a037-4b2b-bd09-0505863dbba4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Zc tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088705",
            "to_ids": true,
            "type": "md5",
            "uuid": "7dc39138-36cd-4c2a-9ea9-00d1e1866c81",
            "value": "a3edf69b6b419e5ac3de3d99e636f59c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Zc tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087943",
            "to_ids": true,
            "type": "sha1",
            "uuid": "91e1f1dd-040d-4814-9975-3bc53cf96fbf",
            "value": "3f2ce812c38ff5ac3d813394291a5867e2cddcf2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Zc tool",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087943",
            "to_ids": true,
            "type": "sha256",
            "uuid": "368595fd-f8f4-459f-a8fc-18f3d6036c7d",
            "value": "021bb772775dc4c7df1569c3ee8ed957207df810837bdff71104ea6e905e4681",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087765",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aaa80575-eb82-4db5-8434-ab3727afb7f8",
            "value": "3072:hMTQTUFMKx4DXcjlNgzE7Iy1hj2FPLPzRh97cEEEEEgEEHEI6EEEEEEAEw9EEEE0:FTUgzWrJCH97flmlfyF6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087765",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9b43adcd-df93-42f3-8617-32ffd4995b39",
            "value": "159744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087765",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0a259050-aca3-409d-970f-5d29189c5d1c",
            "value": "0150465d7c051az26!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087765",
            "to_ids": true,
            "type": "filename",
            "uuid": "a5a68e1b-91f7-4986-8240-5a12ad0f4892",
            "value": "\u7522.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087765",
            "to_ids": false,
            "type": "text",
            "uuid": "40b03cce-b714-4cdd-8ffa-667531c78a41",
            "value": "Zc tool\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:57/72\nFirst Submission:2012-08-10T02:38:35.000000+00:00\nLast Submission:2022-08-16T16:21:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1771088726",
        "uuid": "7c956852-76cf-4008-9175-4a92c675c7b2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Zc tool v2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1771088726",
            "to_ids": true,
            "type": "md5",
            "uuid": "0716a99e-4caf-4506-9a71-c47d335c6e8e",
            "value": "e9a99f7b2ac4a8aceed2c3a9fcb78eb8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Zc tool v2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1771087945",
            "to_ids": true,
            "type": "sha1",
            "uuid": "df3d8bb5-3a1b-49f0-83f3-6aca8d4ea420",
            "value": "2155c20483528377b5e3fde004bb604198463d29",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Zc tool v2",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1771087945",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5d2210ec-fc35-4981-bfa7-cb1abc0fc1c4",
            "value": "46a9ac069c20c505e6bc5fcd6de9a0f1d3a8ed3073133913e57d54604a0e8e8e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1771087808",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "deb35432-783f-4ab8-aa01-39bde98cb4ac",
            "value": "12288:7y0zvnLUY2ejFSiej0wPXPzQNpIC9V/RR+I:7y0DwHIFSiehwCCZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1771087808",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "45201e85-27eb-4a32-a898-09efe81132b7",
            "value": "489984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1771087808",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8051daf1-c488-4c46-b7b9-3f31f7e9b0c6",
            "value": "0450465d7c051az25!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1771087808",
            "to_ids": true,
            "type": "filename",
            "uuid": "5b207d31-25e0-4045-a31f-93a56af24822",
            "value": "main.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 15/02/2026\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1771087808",
            "to_ids": false,
            "type": "text",
            "uuid": "a12b41ff-4ae7-44fe-b151-b91efc494de5",
            "value": "Zc tool v2\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Ymacco.AA46\nVT Total Detection:51/72\nFirst Submission:2012-08-05T14:41:14.000000+00:00\nLast Submission:2022-08-16T15:06:31.000000+00:00"
          }
        ]
      }
    ]
  }
}